Secureworks Offers and the SolarWinds Supply Chain Attack

Current Status of SolarWinds Research

The SolarWinds supply chain compromise was just one component of a sophisticated cyber espionage campaign that was active during mid-2020. The intent and narrow focus of the threat actor meant that, while thousands of organizations were impacted through the download of the trojanized SolarWinds code, only a very small number were ultimately targeted. However, new threat actors may use some of these tactics and techniques in the future, and as revelations around this campaign continue to emerge, we want our customers to be assured that our cloud-native security platform and services have their back.


What We Observed Across Our Customer Base

Since mid-December, we have described the actions we were taking and the key issues that stand out from what we have learned, and provided opportunities for customers to ask questions directly of our Secureworks Counter Threat Unit™ (CTU) and Chief Information Security Officer. This level of response is in our DNA: Proactive Incident Response, ongoing context through CTU threat intelligence reporting, rapid updates of new indicators and countermeasures to our platform(s), and data analysis across multiple sources: endpoint, cloud, and network.


We continue to add coverage in the following areas of research, noting observations from our Incident Response and SOC teams’ investigations across both current and historical customer data. Our observations are consistent with industry comments on the narrow focus of the attack.


FireEye tools - we deployed countermeasures but have seen no evidence of these tools being used against our customers
SolarWinds supply chain attack – many of our customers downloaded the trojanized SolarWinds code containing the SUNBURST backdoor, but we have seen no evidence of this access being leveraged by the th ..