Sunburst Attack Resource Center
In the wake of the Sunburst attack distributed globally via SolarWinds software, we have assembled information and resources from Anomali below to help our customers and the general public quickly understand the attack and identify any impact on your organization.
Get FREE Actionable Sunburst Threat Intelligence Today!
We have pulled together over 2,000 unique IOCs to help you defend against this sophisticated cyber attack.
Download nowAbout the Sunburst Backdoor
The Sunburst malware attack was discovered in early December by FireEye researchers and is already considered one of the most evasive, sophisticated, and significant cyberattacks in history. It is being attributed to a nation-state actor, with an early consensus pointing to the Russian state-sponsored “Cozy Bear” group. It is a supply chain attack, specifically a trojan malware attack using a backdoor installed in compromised network monitoring and management software distributed by the publicly-traded company SolarWinds.
The infiltration dates from at least last March, although SolarWinds announced that they have detected activity from the hackers as far back as October 2019. The duration of this “dwell time” means the attacker has had ample opportunity to move to further stages of attack inside organizations, such as the just-revealed penetration of the U.S. Treasury’s email system in July. Each passing day brings new revelations about the attack. Understanding the scope of the damage of the breaches will require time, but it is estimated that as many as 18,000 private and public organizations that use SolarWinds Orion may have been directly impacted, including many Fortune 500 corporations and US military, security and energy agencies.
Use a Sunburst Backdoor Rapid Response Dashboard
The Anomali Threat Research team has published a Sunburst Backdoor themed dashboard that analysts can add to their ThreatStream home screen. Look for it on the “Add Existing” tab.
Request a demo
