WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

SolarStorm SolarWinds SUNBURST Vendor Links (updated as I find them)



By   WirelessPhreak      Thursday, December 17, 2020      Labels: , , , ,  

So SolarStorm the SolarWinds supply chain hack... Yeah.... You might have heard about it? 

 

SolarWinds supply chain was compromised. What that means is a trojanized version of a SolarWinds  package was uploaded and distributed to their clients .  The infected package contained malware named SUNBURST, and when clients installed the infected package it also installed the malware.  The malware creates a backdoor to allow the bad actors to control the server, move laterally, and exfiltrate data. Basically what ever they want....

 

 

 Updated Solarwinds Attack Lifecycle:


What should you do now:

 

As information starts to come out and the initial freak out calms down we are learning more about the impact of these exploits, and they are pretty huge. I wanted to gather a collection of information and vendor responses in one place to try to help fellow nerds have a resource of reliable information. 

 

SolarWinds

Fireeye Links

US Cybersecurity and Infrastructure Security Agency (CISA) 

Palo Alto Networks Unit 42

Check Point

Splunk

Mcafee

Microsoft

Infoblox

 Elasticsearch (Elastic Security)
Link to Blog post about Reverse Engineering the encoded  DGAs:
Cynet
Symantec
CrowdStrike
 
 
** is a link that has been added. I will also highlight them in Bold font.

About WirelessPhreak

Just your everyday Packet Wrangler who enjoy's traveling and anything techie...


Magic Candle Company

Disney Park withdrawals?

Click on the image and get 10% off!

Join the EFF

Join the EFF
#privacy #digitalrights