


The trojanized component is digitally signed and contains a backdoor that communicates with third-party servers controlled by the attackers.
The attackers managed to modify an Orion platform plug-in called .dll that is distributed as part of Orion platform updates.
However, FireEye noted in its analysis that each of the attacks required meticulous planning and manual interaction by the attackers.
A hacker group believed to be affiliated with the Russian government gained access to computer systems belonging to multiple US government departments including the US Treasury and Commerce in a long campaign that is believed to have started in March. The news triggered an emergency meeting of the US National Security Council on Saturday.

The attack involved hackers compromising the infrastructure of SolarWinds, a company that produces a network and applications monitoring platform called Orion, and then using that access to produce and distribute trojanized updates to the software's users. On a page on its website that was taken down after news broke out, SolarWinds stated that its customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide.

The SolarWinds software supply chain attack also allowed hackers to access the network of US cybersecurity firm FireEye, a breach that was announced last week. Even though FireEye did not name the group of attackers responsible, the Washington Post reports it is APT29 or Cozy Bear, the hacking arm of Russia's foreign intelligence service, the SVR.

"FireEye has detected this activity at multiple entities worldwide," the company said in an advisory Sunday. "The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected."

The malicious Orion updates

The software builds for Orion versions 2019.4 HF 5 through 2020.2.1 that were released between March 2020 and June 2020 might have contained a trojanized component.
The recent breach of major cybersecurity company FireEye by nation-state hackers was part of a much larger attack that was carried out through malicious updates to a popular network monitoring product and impacted major government organizations and companies. The incident highlights the severe impact software supply chain attacks can have and the unfortunate fact that most organizations are woefully unprepared to prevent and detect such threats.
