About the Sunburst Backdoor
The Sunburst malware attack was discovered in early December by FireEye researchers and is already considered one of the most evasive, sophisticated, and significant cyberattacks in history. It is being attributed to a nation-state actor, with an early consensus pointing to the Russian state-sponsored “Cozy Bear” group. It is a supply chain attack: a trojanized update containing a backdoor was delivered through the compromised network monitoring and management software (Orion) distributed by the publicly traded company SolarWinds.
The infiltration dates from at least last March, although SolarWinds announced that it has detected activity from the attackers as far back as October 2019. This long “dwell time” means the attacker has had ample opportunity to move to further stages of attack inside victim organizations, such as the just-revealed penetration of the U.S. Treasury’s email system in July. Each passing day brings new revelations about the attack. Understanding the full scope of the breaches will take time, but it is estimated that as many as 18,000 private and public organizations that use SolarWinds Orion may have been directly impacted, including many Fortune 500 corporations and U.S. military, security, and energy agencies.
Use a Sunburst Backdoor Rapid Response Dashboard
The Anomali Threat Research team has published a Sunburst Backdoor themed dashboard that analysts can add to their ThreatStream home screen. Look for it on the Add Existing tab.
Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds
Read a blog regarding the free actionable threat intelligence our Anomali Threat Research team has created.
Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack
Read a blog detailing the custom Sunburst backdoor ThreatStream dashboard.
Sunburst Hack Shows that Detection is Key to Solid Defense
Read a blog providing detail and some defensive perspective on the attack from the Anomali Threat Research team.
The SolarWinds Hack: Adversaries Want Access, How To Protect Your Organization
Listen to a podcast from the Anomali Threat Research team discussing what happened and how threat intelligence can help.