A Fifth of Sunburst Backdoor Victims from Manufacturing Industry

Nearly a fifth of organizations hit by the Sunburst backdoor emanating from the SolarWinds supply chain attack are from the manufacturing sector, a new analysis from Kaspersky has revealed.

While researchers have already uncovered technical details of the Sunburst backdoor that was embedded in the SolarWinds incident late last year, information of the full impact of the attack is still being investigated. It has been officially confirmed that around 18,000 users may have installed backdoor versions of SolarWinds, potentially leaving them at risk of further attack, but Kaspersky sought to gain more information on the types of organizations affected.

To do so, Kaspersky ICS CERT researchers compiled a list of nearly 2000 readable and attributable domains from available decoded internal domain names obtained from DNS names generated by the Sunburst DomainName Generation Algorithm. This showed that around a third (32.4%) of all victims were industrial organizations, with manufacturing (18.11% of all victims) by far the most affected. This was followed by utilities (3.24%), construction (3.03%), transportation and logistics (2.97%) and oil and gas (1.35%).

The regions in which these industrial organizations were based were wide-ranging, including Benin, Canada, Chile, Djibouti, Indonesia, Iran, Malaysia, Mexico, the Netherlands, the Philippines, Portugal, Russia, Saudi Arabia, Taiwan, Uganda and the US.

Maria Garnaeva, senior security researcher at Kaspersky, commented: “The SolarWinds software is highly integrated into many systems around the globe in different industries and, as a result, the scale of the Sunburst attack is unparalleled – a lot of organizations that had been affected might have not been of interest to the attackers initially. While we do not have evidence of a second-stage attack among ..

Support the originator by clicking the read the rest link below.