Friday, 18 December 2020
Customer Guidance on Recent Nation-State Cyber Attacks
The cyberattack, which began to be exploited last spring, targeted numerous entities of the US administration, as well as public and private organisations around the world. Potentially attributed to Russia, it is said to be one of the most worrying identified in years.
A large-scale cyberattack has indirectly affected the networks of numerous government agencies and large companies around the world, including the giant Microsoft.
Sunburst: Microsoft admits to being among the victims, the others remain silent
Sunburst: connecting the dots in the DNS requests
The right reflexes in the event of an intrusion into an information system.
[Update] Presence of malicious code in SolarWinds Orion / Version of 23 December 2020 – replaces previous versions
CERT-FR strongly recommends:
As a reminder, CERT-FR has published a guide to follow in the event of an intrusion [5].
Updating a product or piece of software is a delicate operation that must be carried out with care. In particular, it is recommended to test as much as possible. Measures must also be taken to guarantee continuity of service in case of difficulties while applying updates such as patches or version changes.
23.12.20 – How we (Kaspersky) protect our users against the Sunburst backdoor
The detection logic has been improved in all our solutions to ensure that our customers remain protected. We continue to investigate this attack using our Threat Intelligence and we will add additional detection logic once it is required.
Our products protect against this threat and detect it with the following names:
…/…
Read the full article at:
28.12.20 – Vulnerability in the SolarWinds Orion API
11.01.21 – Sunburst backdoor – code overlaps with Kazuar
On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to any known actor; instead, they gave it an unknown, temporary moniker – “UNC2452”.
This attack is remarkable from many points of view, including its stealthiness, precision targeting and the custom malware leveraged by the attackers, named “Sunburst” by FireEye.
In a previous blog, we dissected the method used by Sunburst to communicate with its C2 server and the protocol by which victims are upgraded for further exploitation. Similarly, many other security companies published their own analysis of the Sunburst backdoor, various operational details and how to defend against this attack. Yet, besides some media articles, no solid technical papers have been published that could potentially link it to previously known activity.
…/…