<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1703665079923990&amp;ev=PageView&amp;noscript=1">

SolarWinds Breach Updates | Ascend Technologies

SolarWinds Breach Updates | Ascend Technologies

SolarWinds Orion Breach Updates
Posted by ASCEND TECHNICAL TEAM on 12/13/20 10:00 PM

<< Back to Blog

As news of the SolarWinds Orion security breach continues to develop, the Ascend Technologies security team is closely monitoring updates and evaluating the impact on organizations like yours. This feed will be updated frequently with breaking news and expert insights directly from our Security Operations Centers (SOCs).

If your organization utilizes SolarWinds Orion and you have concerns about the security of your network, feel free to reach out to us — we're here to help.


  January 20, 2021  

SolarWinds Hackers Access Malwarebytes' Office 365 Emails

https://www.crn.com/news/security/solarwinds-hackers-access-malwarebytes-office-365-emails


  January 19, 2021  

The SolarWinds Hackers Used Tactics Other Groups Will Copy

https://www.wired.com/story/solarwinds-hacker-methods-copycats/


  January 8, 2021  

New SolarWinds CEO Discloses Three Security Priorities

https://www.channele2e.com/technology/security/new-solarwinds-ceo-discloses-three-security-priorities/

 

SolarWinds hires Krebs, Stamos as Cybersecurity Consultants After Orion Hack

https://www.msspalert.com/cybersecurity-talent/solarwinds-hires-krebs-stamos-as-cybersecurity-consultants-after-orion-hack/

"Definitely a good call hiring Krebs and Stamos. Both have a lot of experience with dealing with nation state level attacks. I would imagine Stamos specifically has some good intel on Russia-specific TTPs from his work with Facebook on the disinformation campaigns from the 2016 election.

While the rabbit hole continues to get deeper on the scope of the overall breach, to me at least, its starting to look like this attack is about direct and targeted access to information held by departments of the US government and high profile organizations that work very closely with those departments."

— Derrick, Ascend Technologies SOC 3 Security Analyst

 

Sealed U.S. court records possibly accessed by SolarWinds attackers

https://www.helpnetsecurity.com/2021/01/08/sealed-court-records-accessed-solarwinds-attackers/


  December 18, 2020  

Microsoft president calls SolarWinds hack an “act of recklessness”

https://arstechnica.com/information-technology/2020/12/only-an-elite-few-solarwinds-hack-victims-received-follow-on-attacks/

Recent cyberattack victims by vector:

Information Technology = 44%

Government = 18%

Think tank / NGO = 18%

Gov Contractor = 9%

Other = 11%


  December 17, 2020  

Microsoft confirms it was also breached in recent SolarWinds supply chain hack

https://www.zdnet.com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/

"The vast majority of these victims are US government agencies, such as:
- The US Treasury Department
- The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
- The Department of Health's National Institutes of Health (NIH)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Department of Homeland Security (DHS)
- The US Department of State
- The National Nuclear Security Administration (NNSA) (also disclosed today)
- The US Department of Energy (DOE) (also disclosed today)
- Three US states (also disclosed today)
- City of Austin (also disclosed today)"

— Highlighted from article

 

US under cyber attack believed to be tied to Russia: Private sector, infrastructure, all levels of government at risk

https://www.usatoday.com/story/news/politics/2020/12/17/ongoing-cyberattack-poses-grave-risk-government-private-sector/3946658001/

"This was definitely a sophisticated operation with specific targets. The attackers had the potential of causing serious damage to 18K environments that were running the affected versions of Orion. From the decoding of the DGA URLs, it's looking like around 300 machines were calling out to the command and control servers. According to some heavy hitters on the front lines, the attackers took their time in weighing risk VS reward and made sure whatever they did was going to count."

— Derrick, Ascend Technologies SOC 3 Security Analyst


 
  December 14, 2020  

Solarwinds Security Advisory

https://www.solarwinds.com/securityadvisory

"To help detect any possible misuse of the Orion platform in client environments, Ascend is currently curating a list of known Indicators of Compromise (IoCs) from various threat reports and building alerts for them in our security tools. Ascend Technologies does not utilize Orion in our service offerings, but we are actively building our detection capabilities for cybersecurity clients who may utilize Orion from another vendor. As this is still a developing situation, we will update our response tactics as we (and the security world at large) continue to investigate."

— Ascend Technologies SOC Team


 
  December 13, 2020  

Threat Research: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

 

US agencies hacked in monthslong global cyberspying campaign

https://apnews.com/article/us-agencies-hacked-global-cyberspying-e8a2e819f7cc6982f6a72f8c85209b72

 

<< Back to Blog

Posted in Incident Response, Managed Security, Financial, Alerts, MSPs, Technical, Energy, Cybersecurity