Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack (January 2021)
Hundreds of industrial organizations have apparently received a piece of malware named Sunburst as part of the supply chain attack that hit IT management and monitoring firm SolarWinds last year, Kaspersky's ICS CERT unit reported on Tuesday.
An analysis of command and control mechanisms used by the Sunburst malware, specifically DNS responses, has allowed researchers to determine which organizations may have received Sunburst and which might have been breached further by the SolarWinds hackers.
Kaspersky's industrial cybersecurity researchers analyzed a list of nearly 2,000 domains impacted by Sunburst and estimated that roughly 32% of them were associated with industrial organizations.
The cybersecurity firm has determined that roughly 200 of its customers received the malicious SolarWinds updates, including more than 20 in industrial sectors.
"The SolarWinds software is highly integrated into many systems around the globe in different industries and, as a result, the scale of the Sunburst attack is unparalleled - a lot of organizations that had been affected might have not been of interest to the attackers initially," said Maria Garnaeva, senior security researcher at Kaspersky.
"While we do not have evidence of a second-stage attack among these victims, we should not rule out the possibility that it may come in the future. Therefore, it is crucial for organizations that may be victims of the attack to rule out the infection and make sure they have the right incident response procedures in place," Garnaeva added.