SolarWinds Orion (Sunburst)

[Cross-posted from the Yet Another Security Blog by Craig Buchanan of Stillwater]

SolarWinds continues to make the news. At this point, most of the discussion is about remediations and how many threat actors seem to have used it. This is an important reminder that just because one nation-state actor develops a tool does not mean they always keep it to themselves. In this case, we are seeing more and more cooperation between Russian-linked groups and groups in China, Iran, and North Korea. This indicates that it could very well be a "mostly hidden" first shot in a global cyberwar. I will use this as a chance to remind you that if you are not a member of the MS-ISAC, EI-ISAC, InfraGard, and state-based IT organizations, now is a good time to join. We are stronger together.

Here are some of this week’s articles:

https://www.scmagazine.com/home/health-care/ransomware-supply-chain-attacks-compel-health-care-organizations-to-act/

https://www.scmagazine.com/home/solarwinds-hack/chinese-linked-to-two-attacks-on-internet-facing-solarwinds-server/

https://cyware.com/news/there-is-still-more-to-solarwinds-attack-de2590d2

https://thecyberwire.com/newsletters/research-briefing/3/10

https://thehackernews.com/2021/03/solarwinds-hack-new-evidence-suggests.html

https://thehackernews.com/2021/03/researchers-find-3-new-malware-strains.html

https://www.zdnet.com/article/supernova-malware-clues-link-chinese-threat-group-spiral-to-solarwinds-hacks/?&web_view=true

For more information, or to comment on this topic, visit Yet Another Security Blog.