SolarWinds, a provider of IT management and monitoring software deployed by thousands of global customers, was breached between March and June of 2020 by an Advanced Persistent Threat (APT) that cybersecurity company FireEye is tracking as UNC2452. As part of the supply chain attack, the APT compromised the company’s Orion business software with trojanized malware known as Sunburst, which opens a backdoor into the networks of customers who executed Orion updates.
Immediately following news of the attack, Anomali Threat Research launched a custom threat intelligence dashboard called Sunburst Backdoor. Now available to Anomali ThreatStream customers, the dashboard is accessible via the user console. It is preconfigured to provide immediate access and visibility into all known Sunburst Backdoor indicators of compromise (IOCs) that are made available through commercial and open-source threat feeds that users manage on ThreatStream.
Customers using ThreatStream, Anomali Match, and Anomali Lens can immediately detect any IOCs present in their environments, quickly consume threat bulletins containing machine readable IOCs to operationalize threat intelligence across their security infrastructures, and communicate to all stakeholders how they have been impacted.
As part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts, Anomali recently added thematic dashboards that respond to significant global events. In addition to Sunburst Backdoor, ThreatStream customers currently have access to additional dashboards announced as part of our December quarterly product release.
Customers can integrate Sunburst Backdoor and other dashboards via the “+ Add Dashboard” tab in the ThreatStream console:
After integration, users will have immediate access to the Sunburst Backdoor dashboard, which continually updates IOCs as they become available:
Organizations interested in learning more about Anomali ThreatStream and our custom dashboard capabilities can request a demo here.
For organizations interested in gaining wider visibility and detection capabilities for the Sunburst cyberattack, Anomali Threat Research has compiled and curated an initial threat bulletin and downloadable set of OSINT IOCs available here.