
Researchers reported a supply chain attack affecting organizations around the world on Dec. 13.

On Dec. 13, the cyber community became aware of one of the most significant cybersecurity events of our time, impacting both commercial and government organizations around the world. The event was a supply chain attack on SolarWinds Orion® software conducted by suspected nation-state operators that we are tracking as SolarStorm. Unit 42 was able to connect this event back to an attack we successfully prevented earlier this year.

While this is not the first software supply chain compromise, it may be the most notable, as the attacker was trying to gain widespread, persistent access to a number of critical networks. Given the importance of the event, we are publishing a timeline of the attack based on our extensive research into the information available to us and our direct experience defending against this threat. We believe this will be invaluable to cybersecurity professionals responding to this attack, as well as to other researchers piecing together the event details. As we learn that this threat actor used additional attack vectors, we urge everyone to share what they know about this attack so that the cybersecurity community gets a complete picture of it as quickly as possible.

It is important to note that we do not have complete knowledge of when the planning and execution of this campaign began. We do, however, have evidence that SolarStorm command and control (C2) infrastructure was set up as early as August 2019. The first modified SolarWinds software was released in October 2019, and the earliest related Cobalt Strike payload we have identified was generated using Cobalt Strike 4.0, which was built in December 2019. We do not know when SolarStorm first compromised the SolarWinds software supply chain, or the method by which they accomplished this.

Additionally, multiple reports indicate that SolarStorm employed initial access vectors beyond the compromised SolarWinds software. We are tracking these reports but have not confirmed other techniques used to obtain initial access to networks at this time. Of course, we should expect that an adversary with the capability to execute this campaign could have used many additional means to accomplish their goal.

Those seeking details on how Palo Alto Networks is protecting its customers from this threat should read our Threat Brief on SolarStorm and SUNBURST, which is being updated as new information comes to light. The SolarStorm ATOM is also being updated as new details emerge. On Dec. 18, we launched a SolarStorm Rapid Assessment program, resulting in more than 600 companies requesting this service within the first four days.
