

Advanced Persistent Threats (APTs) have long been a concern of the cybersecurity community. Well-organized, well-resourced teams that keep attacking a chosen target until their mission is accomplished are not a threat to be underestimated. The tactics such groups deploy combine several attack types, from exploiting zero-day vulnerabilities to social engineering: gaining access, establishing a foothold, deepening that access, and then remaining in the target's systems undetected until the goal is reached. The recently detected, high-profile SolarWinds hack is a typical APT attack. It hit several US federal departments, private companies and critical infrastructure organizations, going undetected since at least March 2020. FireEye, which detected the intrusion, identified SUNBURST, a backdoor that had been inserted into SolarWinds Orion updates. The initial infection vector identified so far is not a vulnerability in Orion itself (a platform that provides full IT-stack monitoring) but a compromise of SolarWinds' build process: the attackers trojanized a legitimately signed Orion update, so every customer who installed it handed them a foothold on the Orion servers, which by design have broad visibility into, and credentials for, the networks they monitor.
