terewtravels.blogg.se

SolarWinds hack










Reuters reported on Monday, in an account ZDNet confirmed with independent sources, that many companies that installed the trojanized Orion app update did not discover evidence of additional activity and escalation on their internal networks, confirming that hackers only went after high-profile targets. This was also confirmed in a report on Monday from US security firm Symantec, which said that it discovered the SUNBURST malware on the internal networks of 100 of its customers, but it did not see any evidence of second-stage payloads or network escalation activity.

  • Microsoft and industry partners seize key domain used in hack.
  • Microsoft identifies 40+ victims, most in US.
  • A second hacking group targets SolarWinds systems.


  • CISA: US govt agencies must update right away.
  • SolarWinds: The more we learn, the worse it looks.
Earlier today, a coalition of tech companies seized and sinkholed avsvmcloud[.]com, transferring the domain into Microsoft's possession. The domain served as the command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app.

SolarWinds Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, contained a strain of malware named SUNBURST (also known as Solorigate). Once installed on a computer, the malware would sit dormant for 12 to 14 days and then ping a subdomain of avsvmcloud[.]com.

According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from which the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company's network.

Takedown to prevent last-ditch hacks

Sources familiar with today's actions described the takedown as "protective work" done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers.
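An added example (not from the article or from any vendor tool) of how a defender could triage DNS logs for the behaviour described above: it finds hosts that looked up names under the C&C domain and separates those that only beaconed from those that were answered with a CNAME pointing at another domain. The log line format, the sample records and the status labels are assumptions constructed for illustration.

```python
"""Triage DNS logs for SUNBURST C&C lookups (added example; log format is assumed)."""
from collections import defaultdict

C2_DOMAIN = "avsvmcloud.com"  # C&C domain named in the article

# Constructed sample log, one record per line: timestamp client qname rtype answer
SAMPLE_LOG = """\
2020-12-01T10:00:01Z 10.0.0.5 host1.avsvmcloud.com A 203.0.113.7
2020-12-01T10:05:09Z 10.0.0.5 host1.avsvmcloud.com CNAME next-stage.example.net
2020-12-01T10:07:44Z 10.0.0.9 host2.avsvmcloud.com A 203.0.113.8
2020-12-01T10:08:00Z 10.0.0.12 www.example.org A 198.51.100.4
2020-12-01T10:09:30Z 10.0.0.13 notavsvmcloud.com A 198.51.100.9
"""

def is_c2_name(qname):
    # Normalise case, trailing dot and defanged "[.]"; match on a label boundary only.
    name = qname.lower().rstrip(".").replace("[.]", ".")
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)

def triage(log_text):
    hosts = defaultdict(lambda: {"queries": 0, "cnames": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _ts, client, qname, rtype, answer = parts
        if not is_c2_name(qname):
            continue
        hosts[client]["queries"] += 1
        # A CNAME answer means the host was pointed at a further domain: investigate first.
        if rtype.upper() == "CNAME" and answer != "-":
            hosts[client]["cnames"].add(answer.lower().rstrip("."))
    return {
        client: {
            "status": "cname-redirected" if e["cnames"] else "beacon-only",
            "queries": e["queries"],
            "cnames": sorted(e["cnames"]),
        }
        for client, e in hosts.items()
    }

if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_LOG).items()):
        print(client, info)
```

Hosts reported as `beacon-only` still ran the trojanized update and need remediation; the split only orders the investigation queue.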










