Supply Chain Council of European Union | Scceu.org

SolarWinds Orion Supply Chain (SUNBURST) Backdoor

On December 13th, the security firm FireEye released details of a sophisticated, manual supply chain attack that affects SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 (with no hotfix installed) or 2020.2 HF 1. The threat actors were able to incorporate a malicious “SolarWinds.Orion.Core.BusinessLayer.dll”, dubbed Sunburst, into the SolarWinds Orion software distribution, which was digitally signed by SolarWinds. The malicious DLL remains dormant for up to two weeks and then connects to several command-and-control servers, through which it can conduct “Jobs”: activities such as transferring files, executing files, enumerating the system, and more. After the initial compromise, the threat actors use remote access tools and valid credentials available within the environment so that their activity appears as legitimate traffic. Additional tools have also been deployed, including one called Teardrop, which is a custom version of Cobalt Strike. SolarWinds recommends updating to Orion version 2020.2.2, which was made available on Tuesday, December 15th, 2020. More details, as well as further mitigations, may be found at: https://www.solarwinds.com/securityadvisory.
