Supply Chain Council of European Union | Scceu.org

SolarWinds Orion Supply Chain (SUNBURST) Backdoor

On December 13th, the security firm FireEye released details of a sophisticated, manual supply chain attack that affects SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 (with no hotfix installed) or 2020.2 HF 1. The threat actors were able to incorporate a malicious “SolarWinds.Orion.Core.BusinessLayer.dll”, dubbed Sunburst, into the SolarWinds Orion software distribution, which was digitally signed by SolarWinds. The malicious DLL remains dormant for up to two weeks, after which it connects to several command-and-control servers. It can then carry out “Jobs”, which allow activities such as file transfer, file execution, system enumeration, and more. After the initial compromise, the threat actors use available remote access tools and valid credentials within the environment so that their activity appears as legitimate traffic. Additional tools have also been deployed, including one called Teardrop, which is a custom version of Cobalt Strike. SolarWinds recommends updating to Orion version 2020.2.2, which was made available on Tuesday, December 15th, 2020. More details, as well as further mitigations, may be found at: https://www.solarwinds.com/securityadvisory.
