Changes

no edit summary
Line 7: Line 7:  
'''[[SolarWinds]]''' <br/>
 
'''[[SolarWinds]]''' <br/>
 
''SunBurst Attack'' <br/>
 
''SunBurst Attack'' <br/>
SolarWinds customers experienced a Russian-state-sponsored cyberattack that inserted a vulnerability called Sunburst into the Orion Platform (versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1). It allowed the attackers to compromise the servers running Orion products. The code was used in a targeted way to the extent that its exploitation required manual intervention. SolarWinds worked with [[CrowdStrike]] and [[KPMG]] to identify a component of Sunburst called Sunspot, which was responsible for injecting the Sunburst malicious code into the Orion Platform during the build process. Other components of the Sunburst malware chain include Teardrop and Raindrop.<ref>[https://www.solarwinds.com/sa-overview/securityadvisory#anchor2 Security Advisor, SolarWinds]</ref>
+
In March 202, SolarWinds customers began experiencing a Russian-state-sponsored cyberattack that inserted a vulnerability called Sunburst into the Orion Platform (versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1). It allowed the attackers to compromise the servers running Orion products. The code was used in a targeted way to the extent that its exploitation required manual intervention. SolarWinds worked with [[CrowdStrike]] and [[KPMG]] to identify a component of Sunburst called Sunspot, which was responsible for injecting the Sunburst malicious code into the Orion Platform during the build process. Other components of the Sunburst malware chain include Teardrop and Raindrop.<ref>[https://www.solarwinds.com/sa-overview/securityadvisory#anchor2 Security Advisor, SolarWinds]</ref>
 +
''''Asus'' & '''CCleaner'''<br/>
 +
In July 2017, security analysts discovered Barium (aka ShadowHammer, ShadowPad, Wicked Panda), which is a Chinese hacker group that uses supply chain attacks as their core tool. They seed infections to many victims and then sort them to find espionage targets. This group infiltrated Asus and infected users through software updates and infected other users through CCleaner.<br/>
 +
''' Maersk'''
 +
In June 2017, NotPetya, a Russian hacker group's malware, spread by disguising itself as a legitimate software update. First, it hijacked Ukrainian accounting software and then seeded a worm that caused a record-breaking US$10 billion in damages around the world, including at the shipping company Maersk, which spent over a week on manually recovering its active directory.<ref><ref>[https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/petya.html Petya vs NotPetya, McAfee]</ref>[https://www.semperis.com/blog/notpetya-flashback-the-latest-supply-chain-attack-puts-active-directory-at-risk-of-compromise/ NotPetya Flashback, Semperis]</ref>
    
==References==
 
==References==
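Review bot: The added SolarWinds paragraph opens with "In March 202", a year cut to three digits; restore the full four-digit year from the cited advisory. Two markup problems in the same addition will also break rendering. The heading `''''Asus'' & '''CCleaner'''` opens with four apostrophes and closes "Asus" with two, so the bold is unbalanced; `'''Asus''' & '''CCleaner'''` matches the other headings. The Maersk paragraph ends with a nested `<ref><ref>…</ref>…</ref>`, which should be two sibling `<ref>` elements, one per source. The Asus and CCleaner paragraph cites no source at all, and the `''' Maersk'''` heading has a stray leading space and lacks the `<br/>` the other headings use.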