The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim.

Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual property and other assets.

Among the co-victims: US government, government contractors, Information Technology companies, and NGOs. An incredible amount of sensitive data was stolen from several customers after a trojanized version of SolarWinds’ application was installed on their internal structures.

Looking at the technical capabilities of the malware, as you will see, this particular attack was quite impressive. A particular file, named SolarWinds.Orion.Core.BusinessLayer.dll is a SolarWinds digitally signed component of the Orion software framework.

See the whole article written by Michael Ioffe, Senior Security Researcher at Cymulate in The Hacker News:

 

READ MORE