The SolarWinds cyber attack has been explained from the perspective of the vendors affected, but here’s a look at its process, lifecycle, and global impact. How the SolarWinds Attack Was Carried Out: The SolarWinds assault was a typical supply chain attack. In these kinds of hacks, the attacke...
1. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor, https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html, 2020. 2. Raindrop: New Malware Discovere...
Figure 4: C2 server-side listening state. On the controller, select Attack and create a Windows Executable, as shown in Figure 5. Figure 5: Executable payload created on Windows. Place this Executable on the target host and run it; the host then appears as online in the controller interface, as shown in Figure 6. Figure 6: Victim host comes online. At the same time, Wireshark running on the victim (target) host captured the GET traffic it sent (Figure 7, top). It was also found that 鲁大师 (Ludashi)...
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Because the DGA (domain generation algorithm) used by the SolarWinds malware has been cracked, security researchers have published a fairly complete list of potential victims; after checking it, 安全牛 (Aqniu) found that a large number of companies, including MediaTek (联发科), are "on the list". Screenshot below: References. For the full list, visit: https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/...
· Risk: Dark Halo Leverages SolarWinds to Compromise Organizations · CISA: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. References and sources: https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/...
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-de...
Detection and Hunting of Golden SAML Attack: https://www.sygnia.co/golden-saml-advisory
Dark Halo Leverages SolarWinds Compromise to Breach Organizations: https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/ ...
This article summarizes developments in the SolarWinds supply chain attack, mainly covering analysis of newly discovered technical points and the latest attack-related news. Detailed attack chain. 1 Initial access stage. 1.1 Event developments. On January 7, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its investigation report on the SolarWinds supply chain attack, "Advanced Persistent Threat Compromise of Government Agencies, Critical Infrast...