
SolarWinds victims revealed after cracking the Sunburst malware DGA
2020-12-22 09:11

Security researchers have shared lists of organizations where the threat actors deployed the Sunburst (Solarigate) backdoor in attempts to further compromise their networks, as investigations of the SolarWinds supply-chain attack continue.

To build the list of victims infected with the Sunburst backdoor through the compromised update mechanism of the SolarWinds Orion IT management platform, the researchers decoded the dynamically generated subdomain that each infected device sends in its DNS beacons to the C2 domain; that subdomain encodes, among other things, the victim's internal domain name.
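As an added illustration of that decoding step (example code written for this page, not the article's or NETRESEC's decoder), the Python below reproduces the two encodings the backdoor uses for the victim-domain fragment of its beacon label: a 35-character substitution alphabet with a "0"-prefixed escape for the characters 0, _, - and ., and a custom base32 alphabet signalled by a leading "00", both preceded by a 15-character encoded client identifier. The alphabets, the shift of 4, the markers and the prefix length follow public analyses of the Sunburst sample as this editor understands them and should be verified against the sample before operational use; the real client-id derivation, the random choice among escape markers, and the sequencing of domains that span several beacons are simplified or omitted, and the 0x5A key, the identifier bytes and the domains in the demo are constructed values, not data from any observed beacon.

```python
# Added example for this page: decode the victim-domain fragment in a SUNBURST beacon label.
# Alphabets/markers as publicly analysed (assumption: verify against the sample); demo data is made up.
from typing import Tuple

CLIENT_ID_CHARS = 15                                  # encoded client id preceding the fragment
B32_ALPHABET = "ph2eifo3n5utg1j8d94qrvbmk0sal76c"     # custom base32, 5-bit groups LSB-first
SUB_ALPHABET = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj"  # substitution alphabet, rotated by SUB_SHIFT
SUB_SPECIAL = "0_-."                                  # escaped as "0" + marker from SUB_ALPHABET
SUB_SHIFT = 4
B32_MARKER = "00"                                     # "base32-encoded UTF-8 follows"


def b32_encode(data: bytes, keep_tail: bool = True) -> str:
    """Emit 5-bit groups least-significant-bit-first over B32_ALPHABET."""
    acc, nbits, out = 0, 0, []
    for b in data:
        acc |= b << nbits
        nbits += 8
        while nbits >= 5:
            out.append(B32_ALPHABET[acc & 31])
            acc >>= 5
            nbits -= 5
    if nbits and keep_tail:  # leftover bits become one final symbol
        out.append(B32_ALPHABET[acc & 31])
    return "".join(out)


def b32_decode(text: str) -> bytes:
    """Inverse of b32_encode; fewer than 8 trailing bits are discarded."""
    acc, nbits, out = 0, 0, bytearray()
    for ch in text:
        acc |= B32_ALPHABET.index(ch) << nbits  # ValueError on a foreign symbol
        nbits += 5
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    return bytes(out)


def sub_encode(domain: str, escape_slot: int = 0) -> str:
    """Rotate alphabet letters; escape SUB_SPECIAL as "0" + marker.
    The sample picks one of several valid markers at random; escape_slot (0-7) pins it."""
    if not 0 <= escape_slot <= 7:
        raise ValueError("escape_slot must be 0..7")
    out = []
    for ch in domain:
        if ch in SUB_SPECIAL:
            out.append("0" + SUB_ALPHABET[SUB_SPECIAL.index(ch) + 4 * escape_slot])
        elif ch in SUB_ALPHABET:
            out.append(SUB_ALPHABET[(SUB_ALPHABET.index(ch) + SUB_SHIFT) % len(SUB_ALPHABET)])
        else:
            raise ValueError(f"{ch!r} is not representable by the substitution cipher")
    return "".join(out)


def sub_decode(text: str) -> str:
    out, i = [], 0
    while i < len(text):
        ch = text[i]
        if ch == "0":  # escape: the next symbol's alphabet index mod 4 selects the special char
            i += 1
            if i == len(text):
                raise ValueError("truncated escape sequence")
            out.append(SUB_SPECIAL[SUB_ALPHABET.index(text[i]) % 4])
        else:
            out.append(SUB_ALPHABET[(SUB_ALPHABET.index(ch) - SUB_SHIFT) % len(SUB_ALPHABET)])
        i += 1
    return "".join(out)


def encode_fragment(domain: str) -> str:
    """Substitution when every character is representable, otherwise marker + base32."""
    if all(c in SUB_ALPHABET or c in SUB_SPECIAL for c in domain):
        return sub_encode(domain)
    return B32_MARKER + b32_encode(domain.encode("utf-8"))


def decode_fragment(fragment: str) -> str:
    # "00" can never appear in substitution output (markers and rotated letters exclude '0').
    if fragment.startswith(B32_MARKER):
        return b32_decode(fragment[len(B32_MARKER):]).decode("utf-8", errors="replace")
    return sub_decode(fragment)


def encode_client_id(client_id: bytes, key: int) -> str:
    """Key byte, then the 8 id bytes XORed with it, base32-encoded: 9 bytes -> 15 symbols."""
    if len(client_id) != 8 or not 0 <= key <= 0xFF:
        raise ValueError("client_id must be 8 bytes and key a single byte")
    return b32_encode(bytes([key]) + bytes(b ^ key for b in client_id))


def decode_client_id(text: str) -> Tuple[int, bytes]:
    raw = b32_decode(text[:CLIENT_ID_CHARS])
    if len(raw) != 9:
        raise ValueError("client-id prefix too short")
    return raw[0], bytes(b ^ raw[0] for b in raw[1:])


def build_label(client_id: bytes, key: int, domain: str) -> str:
    return encode_client_id(client_id, key) + encode_fragment(domain)


def decode_label(label: str) -> Tuple[bytes, str]:
    """Return (client identifier, victim domain fragment) for one beacon's left-most label."""
    if len(label) <= CLIENT_ID_CHARS:
        raise ValueError("label carries no domain fragment")
    return decode_client_id(label)[1], decode_fragment(label[CLIENT_ID_CHARS:])


if __name__ == "__main__":
    demo_id = bytes.fromhex("0011223344556677")  # constructed, not a real client id
    for victim in ("corp.example-inc.local", "Lab01.example.test"):
        label = build_label(demo_id, 0x5A, victim)
        print(f"{label}.appsync-api.eu-west-1.avsvmcloud.com -> {decode_label(label)}")
```

Running the block encodes two made-up domains and decodes them back; the second one contains an uppercase letter that the substitution alphabet cannot carry, so it takes the "00" base32 path. On real beacon traffic only decode_label is needed, applied to the left-most label of each query; a ValueError marks a label that does not follow the expected layout.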

NETRESEC's list of decoded Sunburst C2 subdomains provides a set of internal organization names, that is, organizations that were not only infected with the backdoor but were also individually selected for second-stage attacks aimed at further internal compromise.

Fidelis Cybersecurity, Qualys, and Palo Alto Networks have all confirmed that they were either targeted for second-stage attacks or had deployed trojanized SolarWinds Orion versions in their environments; Qualys said the trojanized version was only deployed in a "Lab environment for testing."

In total, eight cybersecurity firms have confirmed that they were targeted in the SolarWinds supply-chain attack, including Malwarebytes, Microsoft, FireEye, and CrowdStrike.


News URL

https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/

Related vendor

VENDOR      LAST 12M #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Solarwinds  44                   0    80      95    40        215