berrypopla.blogg.se

Orion solarwinds icon






The hitherto innocent bar code scanner was now a Trojan. The bar code scanner app had been singled out as a good purchase by the threat actors. Its strong user base made it a convenient transport mechanism to drop their malware on up to 10 million smartphones. They bought the app, modified its code, and sent it out as an update. Presumably, the cost of purchasing the app was viewed as a running cost of the scam, to be recouped from their criminal profits. To the threat actors, it was probably a cheap and easy way to get access to 10 million smartphones.

The SolarWinds hack is similar but in an altogether different league. SolarWinds create and sell monitoring and management software for corporate networks. To provide the detailed, granular information that system administrators require to maintain the effectiveness of the IT resources they are responsible for, the SolarWinds software requires extremely privileged access rights to the network. As with the bar code scanner, the SolarWinds software wasn’t the target; it was just the delivery mechanism.

SolarWinds Orion is a full IT stack monitoring and reporting tool. They covertly modified a Dynamic Link Library (DLL) called .dll. The tainted DLL was included in SolarWinds Orion versions 2019.4 through 2020.2.1 HF1. These updates were issued between March and June 2020. Just like the bar code scanner app, the updates were used to distribute the malware to existing customers. The malware has been named SUNBURST by cyber security researchers at FireEye.

The sophistication of the initial breach of SolarWinds’ systems, the complexity of the Trojan code, the exploitation of a zero-day vulnerability, and the technically-demanding methods of avoiding detection post-compromise all point to the perpetrators being a state-sponsored Advanced Persistent Threat group. This is further borne out when you look at the list of victims.


The new owners had modified the code of the scanner app to include malware. The app was trusted by those who already had it installed, so an update would raise no concerns. But the update they expected to provide bug fixes and new features actually compromised their handset.


Trojan software carries a hidden malicious payload. You think you are installing one application but in fact, there are stowaways in the installation routine that get installed at the same time. Or the application you are installing has itself been compromised and now harbors malicious code.

A recent example is a bar code scanner app that was removed from the Google Play app store. The bar code scanner had been published for several years and had a healthy installed base of 10 million users. It was sold to a new owner, Ukraine-based “The Space Team”, at the end of 2020.

Following an update of the app, users were plagued by adverts. Their default browser would open on its own. Links and buttons to download and install further apps would cascade over their screen.


Federal agencies and global organizations were compromised in a long-term, state-sponsored cyberattack. The threat actors conducted a supply chain attack using compromised SolarWinds software. Here’s what happened, and how to stay safe.






