Get an iPad mini, ASUS ZenScreen LED Monitor, or $350 Off with OnDemand Training thru 5/19


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack

  • Monday, December 14, 2020 at 5:00 PM EST (2020-12-14 22:00:00 UTC)
  • Jake Williams

You can now attend the webcast using your mobile device!



On Dec 13, 2020, SolarWinds, an IT company that creates software for network management, stated they were investigating an incident that appears to be the product of a highly-sophisticated, targeted and manual supply chain attack by a nation-state. SolarWinds said they are in contact with the FBI and that a vulnerability which existed until the March-June 2020 timeframe was leveraged to take advantage of their Orion software product.

The attack is a supply-chain based attack in which the adversary can leverage the software's update mechanism. The SolarWinds attack has been linked to the Treasury Department and FireEye compromises at this time.

Information is being released continuously by those investigating the incidents across the thousands of organizations that use SolarWinds, including governments, militaries, and commercial entities around the world.

As indicators of compromise continue to be released, organizations and their incident response teams should prioritize hunting for adversary behaviors and Tools, Techniques, and Procedures (TTPs) associated with their SolarWinds installs, as that platform could be leveraged as a launching point into their organization.

Participants will learn about:

  • The latest information regarding the SolarWinds incident and the mechanics of the supply chain attack.
  • Any known detection mechanisms, including IoCs, that have been released at this point.
  • How the incident could impact organizations that use SolarWinds and where to begin investigations.

Speaker Bio

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.