On Dec 13, 2020, SolarWinds, an IT company that creates software for network management, stated they were investigating an incident that appears to be the product of a 'highly-sophisticated, targeted and manual supply chain attack by a nation-state.' SolarWinds said they are in contact with the FBI and that a vulnerability which existed until the March-June 2020 timeframe was leveraged to take advantage of their Orion software product.
The attack is a supply-chain attack in which the adversary can leverage the software's update mechanism. The SolarWinds attack has been linked to the Treasury Department and FireEye compromises at this time.
Information is being released continuously by those investigating the incidents across the thousands of organizations that use SolarWinds, including governments, militaries, and commercial entities around the world.
As indicators of compromise continue to be released, organizations and their incident response teams should prioritize hunting for adversary behaviors and Tools, Techniques, and Procedures (TTPs) associated with their SolarWinds installs, as that platform could be leveraged as a launching point into their organization.
Participants will learn about: