On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for ...
Detection and Hunting of Golden SAML Attack: https://www.sygnia.co/golden-saml-advisory
Dark Halo Leverages SolarWinds Compromise to Breach Organizations: https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
Securonix Threat Research: Detecting Sola...
Orion is a platform product from SolarWinds, mainly used to help enterprises manage their networks, systems and IT infrastructure; it is a powerful, extensible infrastructure monitoring and management platform. In December 2020, the well-known cybersecurity company FireEye published a report stating that the Orion platform had been compromised by a hacking group, and analyzed in detail the technical methods and scope of the attack. Symantec and other security companies subsequently followed up with reports analyzing the technical characteristics of each stage of the attack...
1. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor, https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html, 2020.
2. Raindrop: New Malware Discovere...
Because the DGA (domain generation algorithm) used by the SolarWinds malware has been reverse-engineered, security researchers have published a fairly complete list of potential victims; 安全牛 (Aqniu) checked the list and found that a large number of companies, including MediaTek, appear on it. Screenshot below. For the complete list, visit: https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/...
December 2020: FireEye has been in the spotlight. First it proactively disclosed that its own Red Team toolkit had been stolen by a Russian hacking group, then it published detection methods for those tools on GitHub. The leaked tools themselves are not especially dangerous, but this shows that even FireEye, a company that specializes in tracking and disclosing APT attacks, was attacked in turn by its adversaries. Last week, FireEye disclosed another, more professional hacking incident, also presumed to have been launched by Russia...
Volexity disclosed technical details of how the multi-factor authentication (MFA) protecting the SolarWinds Outlook Web App (OWA) email system was bypassed, how an Exchange server was compromised through a vulnerability (CVE-2020-0688), and how specific emails were stolen. Because the TTPs are the same, this activity is attributed to the same group behind this supply chain attack. 1.2 Technical analysis: password guessing and password spraying ...
This week’s cybersecurity news has been dominated by one event, the SolarWinds supply chain attack. On Sunday, the Washington Post published an article detailing who is possibly behind the attack. The sentiment was echoed in a New York Times article published on the same day. While the finger-poi...
· Risk: Dark Halo leverages the SolarWinds compromise to breach organizations
· CISA: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
References and sources: https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/...