How to Detect and Search for SolarWinds IOCs in LogRhythm

LogRhythm Labs has gathered the indicators of compromise (IOCs) from CISA, Volexity, and FireEye associated with the recent SolarWinds supply chain attack and made them available in a GitHub repository for your convenience. Feel free to download and import the IOC files into your LogRhythm deployment for investigations and real-time analytics.


Please note that new information on this advanced persistent threat (APT) activity will likely be released for weeks, if not months, given the scope of the attack. Although we will occasionally update our GitHub repository, we cannot guarantee the timeliness or accuracy of the information released by other parties. We advise you to review the sources discussed in this article on your own for the most updated information. In this blog post, we discuss how these IOCs were extracted and the threat hunting opportunities within the LogRhythm NextGen SIEM Platform.


TL;DR

FireEye recently reported on a compromise involving a supply chain attack using SolarWinds. This report comes on the heels of FireEye recently disclosing that they too have been compromised by a threat actor. FireEye published IOCs that we shared along with details on how to use them in LogRhythm here.


Keep reading to learn how to apply the threat intelligence shared by FireEye, CISA, and Volexity to threat hunt for adversarial activity in your environment.
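As an added illustration of the IOC-driven hunting described above (this is example code, not code from the post or from the LogRhythm Labs repository), the Python script below loads a small IOC feed in an assumed CSV layout of type,value,source, pulls domain, IPv4 and SHA-256 observables out of log lines, and reports every line that contains a feed value. The IOC values and the log lines are constructed placeholders; real indicators come from the CISA, Volexity and FireEye sources the post refers to, and the CSV layout is an assumption rather than the repository's own format.

```python
import csv
import io
import re
from typing import Dict, List, Set

# Constructed IOC feed (type,value,source). The layout is assumed for this
# example and is not the format of the LogRhythm Labs repository.
IOC_CSV = """type,value,source
domain,updates.ioc-example.test,constructed
ipv4,203.0.113.45,constructed
sha256,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa,constructed
"""

# Constructed sample log lines: a DNS query, a firewall connection,
# an endpoint file event, and one benign line that should not match.
SAMPLE_LOGS = [
    "2020-12-14T10:02:11Z dns client=10.0.0.7 query=updates.ioc-example.test type=A",
    "2020-12-14T10:02:12Z fw action=allow src=10.0.0.7 dst=203.0.113.45 dport=443",
    "2020-12-14T10:03:40Z edr host=WS01 file=C:\\app\\svc.dll sha256=" + "a" * 64,
    "2020-12-14T10:04:00Z dns client=10.0.0.8 query=www.example.com type=A",
]

# Deliberately broad extractors: they produce candidates, and a candidate
# only matters if it is present in the IOC feed.
OBSERVABLE_PATTERNS = {
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}


def load_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse the CSV feed into lowercase sets keyed by IOC type."""
    iocs: Dict[str, Set[str]] = {kind: set() for kind in OBSERVABLE_PATTERNS}
    for row in csv.DictReader(io.StringIO(text)):
        kind = row["type"].strip().lower()
        if kind in iocs:
            iocs[kind].add(row["value"].strip().lower())
    return iocs


def extract_observables(line: str) -> Dict[str, Set[str]]:
    """Return every domain, IPv4 and SHA-256 candidate found in one log line."""
    return {
        kind: {m.lower() for m in pattern.findall(line)}
        for kind, pattern in OBSERVABLE_PATTERNS.items()
    }


def hunt(iocs: Dict[str, Set[str]], logs: List[str]) -> List[Dict[str, str]]:
    """Sweep log lines against the feed; one record per (line, type, value) hit."""
    hits: List[Dict[str, str]] = []
    for line in logs:
        observed = extract_observables(line)
        for kind in OBSERVABLE_PATTERNS:  # fixed order keeps output deterministic
            for value in sorted(observed[kind] & iocs[kind]):
                hits.append({"type": kind, "value": value, "line": line})
    return hits


if __name__ == "__main__":
    for hit in hunt(load_iocs(IOC_CSV), SAMPLE_LOGS):
        print(f"[{hit['type']}] {hit['value']} <- {hit['line']}")
```

Matching is exact after lowercasing, which is the right default for hashes and for hostnames and addresses as they appear in logs; a candidate such as `svc.dll` picked up by the domain extractor is harmless noise because it is never in the feed. When a feed is refreshed, only `IOC_CSV` changes, so the same sweep can be re-run over archived logs as new indicators are published.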


FireEye Sunburst Countermeasures GitHub Repository
