WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.

Follow Me

SolarStorm SolarWinds SUNBURST Vendor Links (updated as I find them)

By WirelessPhreak Thursday, December 17, 2020 Labels: Hacking , Security , SolarStorm , SolarWinds , Sunburst

So SolarStorm the SolarWinds supply chain hack... Yeah.... You might have heard about it?

SolarWinds supply chain was compromised. What that means is a trojanized version of a SolarWinds package was uploaded and distributed to their clients . The infected package contained malware named SUNBURST, and when clients installed the infected package it also installed the malware. The malware creates a backdoor to allow the bad actors to control the server, move laterally, and exfiltrate data. Basically what ever they want....

Updated Solarwinds Attack Lifecycle:

What should you do now:

As information starts to come out and the initial freak out calms down we are learning more about the impact of these exploits, and they are pretty huge. I wanted to gather a collection of information and vendor responses in one place to try to help fellow nerds have a resource of reliable information.

SolarWinds

Security Advisory https://www.solarwinds.com/securityadvisory

Fireeye Links

Initial write up about the Sunburst https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Counter Measures https://github.com/fireeye/sunburst_countermeasures

US Cybersecurity and Infrastructure Security Agency (CISA)

Emergency Directive https://cyber.dhs.gov/ed/21-01/

Palo Alto Networks Unit 42

Analysis of Sunburst https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/

Check Point

Information https://blog.checkpoint.com/2020/12/16/solarwinds-sunburst-attack-what-do-you-need-to-know/

Cisco Networks

Security Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-solarwinds-supply-chain-attack
Talos write up https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html

Splunk

Response and Identification tool https://www.splunk.com/en_us/blog/security/sunburst-backdoor-detections-in-splunk.html

Mcafee

Information https://www.mcafee.com/blogs/other-blogs/mcafee-labs/sunburst-malware-and-solarwinds-supply-chain-compromise/

Microsoft

Pretty tough to get through :( https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/
**Customer Guidance: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/

Infoblox

Response https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory-solarwinds-supply-chain-attack/

Elasticsearch (Elastic Security)

Response and Identification tool https://www.elastic.co/blog/elastic-security-provides-free-and-open-protections-for-sunburst

Fortinet

**Response https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack

Link to Blog post about Reverse Engineering the encoded DGAs:

https://blog.prevasio.com/2020/12/sunburst-backdoor-part-ii-dga-list-of.html

Cynet

** Response: https://www.cynet.com/blog/cynet-security-critical-update-solarwinds-supply-chain-attack/

Symantec

** Analysis: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-attacks-stealthy-attackers-attempted-evade-detection

CrowdStrike

**Assessing the SolarWinds hack with their tool: https://www.crowdstrike.com/blog/tech-center/assess-solarwinds/

** is a link that has been added. I will also highlight them in Bold font.

Share On

Share on Google+

Pin on Pinterest

Tweet about this on Twitter

Share on Tumblr

Share on LinkedIn

Share on Facebook

About WirelessPhreak

Just your everyday Packet Wrangler who enjoy's traveling and anything techie...