The discovery that other tools also use the library (.dll) that was modified such as the Network Configuration Management tool. (Update: as of December 20, SolarWinds remediated the malicious component from their website) As of December 18, 2020, SolarWinds download site is still delivering compromised components as evidenced by the presence of Indicators of Compromise (IOCs) within the most recent updates.The discovery of malicious components as early as October 2019, 5 months earlier than previously identified.However, research recently compiled by SecurityScorecard’s Investigation & Analysis team indicates that the SUNBURST malware (also referred to as Solarigate) was used as a trojanized backdoor into SolarWinds’ products as early as October 2019 and SolarWinds is still delivering compromised components.ģ key takeaways of SecurityScorecard’s research: Available Open-Source Intelligence (OSINT) indicates attackers gained access to a software repository and used the access to distribute malware with legitimate updates. Cybersecurity & Infrastructure Security Agency (CISA) released a follow-up alert regarding the SolarWinds/SUNBURST backdoor and compromises, stating, among other things, that such compromises began in at least March 2020.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |