The U.S. Department of Homeland Security, Treasury Department and FireEye are among the most prominent victims affected by the supply chain attack on SolarWinds network monitoring software. But these data breaches are just scratching the surface of one of the most significant foreign hacking incidents in history – one that will have long-lasting repercussions.
SolarWinds estimates that between last March and June, roughly 18,000 user organizations downloaded updates of its Orion software that Russian APT actors allegedly corrupted with Sunburst backdoor malware. That attack allowed the culprits to perform reconnaissance, elevate their privileges, move laterally and steal data. Now SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine whether or not they were among those impacted by the cyber espionage operation.
So how might they do that?
For starters, customers must confirm precisely what data and systems were affected, then mitigate the damage and remove all signs of persistence before they can safely use the Orion software again. In the longer term, companies will also have to take a hard look at new safeguards and intern ..
Support the originator by clicking the read the rest link below.
