UPDATE (May 2022): We have merged UNC2452 with APT29. The UNC2452 activity described in this post is now attributed to APT29.

We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452.

FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST.

The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.

The campaign is widespread, affecting public and private organizations around the world.

FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. FireEye products and services can help customers detect and block this attack.

FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.

dll is a SolarWinds digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers. We are tracking the trojanized version of this SolarWinds Orion plug-in as SUNBURST.

After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services.