"…added detection rules to its Defender antivirus. How the attack works: here's what it looks like from an attack chain perspective. Initial access: attackers were able to silently add malicious code to SolarWinds' software updates for Orion users. These updates were trojanized…"
T1606.002 SAML Tokens (93%)
"Additional research by Microsoft indicates that in some instances, attackers were able to gain administrative access and even compromise SAML token signing certificates — allowing the attacker to forge SAML tokens. Forged SAML tokens may potentially give access to any privilege…"
T1195.002 Compromise Software Supply Chain (88%)
"Supply Chain Exploitation of SolarWinds Orion Software | Huntress. On December 13, FireEye discovered that SolarWinds Orion products (versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1) were being exploited by malicious actors. The supply chain attack trojanized so…"
T1195 Supply Chain Compromise (72%)
"Supply Chain Exploitation of SolarWinds Orion Software | Huntress. On December 13, FireEye discovered that SolarWinds Orion products (versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1) were being exploited by malicious actors. The supply chain attack trojanized so…"
T1574.001 DLL (48%)
"…whether or not there are any ties to SolarWinds N-central or SolarWinds RMM. So far, we have only seen evidence of this threat tied to SolarWinds Orion. In addition, we have created Huntress monitored files to identify which endpoints have the backdoored files (SolarWinds.Ori…"
T1204.002 Malicious File (46%)
"…whether or not there are any ties to SolarWinds N-central or SolarWinds RMM. So far, we have only seen evidence of this threat tied to SolarWinds Orion. In addition, we have created Huntress monitored files to identify which endpoints have the backdoored files (SolarWinds.Ori…"
T1055.001 Dynamic-link Library Injection (46%)
"Earlier this morning, only 1 out of 67 antivirus engines listed the SUNBURST backdoor (SolarWinds.Orion.Core.BusinessLayer.dll) as malicious. Screenshot from VirusTotal taken around 12am ET on December 14, 2020. At time of publishing, that's up to 44 out of 70, and the num…"
T1195.001 Compromise Software Dependencies and Development Tools (42%)
"Supply Chain Exploitation of SolarWinds Orion Software | Huntress. On December 13, FireEye discovered that SolarWinds Orion products (versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1) were being exploited by malicious actors. The supply chain attack trojanized so…"
Summary
Huntress covers the breaking news about SolarWinds' Orion platform being exploited as part of a coordinated attack to distribute malware.