Supply Chain Council of European Union | Scceu.org

SolarWinds Orion Supply Chain (SUNBURST) Backdoor

On December 13th, the security firm FireEye released the details of a sophisticated, manual supply chain attack that affects SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 (with no hotfix installed) or 2020.2 HF 1. The threat actors involved were able to incorporate a malicious “SolarWinds.Orion.Core.BusinessLayer.dll”, dubbed Sunburst, into the SolarWinds Orion software distribution, which was digitally signed by SolarWinds. The malicious DLL remains dormant for up to two weeks, after which it connects to several command-and-control servers. It can then conduct “Jobs”, which allow activities such as transfer of files, execution of files, system enumeration, and more. After the initial compromise, the threat actors use available remote access tools and valid credentials within the environment so that their activity appears to be legitimate traffic. Additional tools have also been deployed, including one called Teardrop, which is a custom version of Cobalt Strike. SolarWinds recommends updating to Orion version 2020.2.2, which was made available on Tuesday, December 15th, 2020. More details, as well as further mitigations, may be found at: https://www.solarwinds.com/securityadvisory.
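For teams working through an asset inventory, the following added example (not code from SolarWinds or FireEye) sorts Orion installations by the version strings named above. The inventory notation, host names and status labels are assumptions made for the example; a build that is not named in this article is reported as "not-listed" rather than assumed safe.

```python
import re

# Affected builds exactly as the advisory text lists them: (release, hotfix number).
# Hotfix 0 means "no hotfix installed".
AFFECTED = {("2019.4", 5), ("2020.2", 0), ("2020.2", 1)}
RECOMMENDED = (2020, 2, 2)  # version the advisory says to update to

# Assumed inventory notation: "2019.4 HF 5", "2020.2", "2020.2 hf1", "2020.2.2".
_VERSION = re.compile(r"^\s*(\d{4}(?:\.\d+)+)\s*(?:(?:HF|Hotfix)\s*(\d+))?\s*$", re.I)

def classify(version):
    """Return 'affected', 'updated', 'not-listed' or 'unparsed' for one version string."""
    m = _VERSION.match(version or "")
    if not m:
        return "unparsed"          # never treat an unreadable version as safe
    release, hotfix = m.group(1), int(m.group(2) or 0)
    if (release, hotfix) in AFFECTED:
        return "affected"
    if tuple(int(p) for p in release.split(".")) >= RECOMMENDED:
        return "updated"
    return "not-listed"            # not named on this page: check the vendor advisory

def triage(inventory):
    """Group (host, version) pairs by status so affected hosts can be handled first."""
    groups = {"affected": [], "unparsed": [], "not-listed": [], "updated": []}
    for host, version in inventory:
        groups[classify(version)].append(host)
    return groups

# Constructed sample inventory; host names are made up for the example.
SAMPLE_INVENTORY = [
    ("orion-nyc-01", "2019.4 HF 5"),
    ("orion-lon-01", "2020.2"),
    ("orion-fra-01", "2020.2 hf1"),
    ("orion-sgp-01", "2020.2.2"),
    ("orion-lab-01", "2019.4 HF 4"),
    ("orion-old-01", "version unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11} {', '.join(hosts) or '-'}")
```

Hosts in the "affected" group are the ones to update to the recommended version first; "unparsed" and "not-listed" hosts need a manual check against the SolarWinds advisory.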
