As news of the SolarWinds Orion security breach continues to develop, the Ascend Technologies security team is closely monitoring updates and evaluating the impact on organizations like yours. This feed will be updated frequently with breaking news and expert insights directly from our Security Operations Centers (SOCs).
January 20, 2021
SolarWinds Hackers Access Malwarebytes' Office 365 Emails
https://www.crn.com/news/security/solarwinds-hackers-access-malwarebytes-office-365-emails
January 19, 2021
The SolarWinds Hackers Used Tactics Other Groups Will Copy
https://www.wired.com/story/solarwinds-hacker-methods-copycats/
January 8, 2021
New SolarWinds CEO Discloses Three Security Priorities
SolarWinds hires Krebs, Stamos as Cybersecurity Consultants After Orion Hack
"Definitely a good call hiring Krebs and Stamos. Both have a lot of experience with dealing with nation state level attacks. I would imagine Stamos specifically has some good intel on Russia-specific TTPs from his work with Facebook on the disinformation campaigns from the 2016 election.
While the rabbit hole continues to get deeper on the scope of the overall breach, to me at least, it's starting to look like this attack is about direct and targeted access to information held by departments of the US government and high profile organizations that work very closely with those departments."
— Derrick, Ascend Technologies SOC 3 Security Analyst
Sealed U.S. court records possibly accessed by SolarWinds attackers
https://www.helpnetsecurity.com/2021/01/08/sealed-court-records-accessed-solarwinds-attackers/
December 18, 2020
Microsoft president calls SolarWinds hack an “act of recklessness”
Recent cyberattack victims by sector:
- Information Technology: 44%
- Government: 18%
- Think tank / NGO: 18%
- Government Contractor: 9%
- Other: 11%
December 17, 2020
Microsoft confirms it was also breached in recent SolarWinds supply chain hack
"The vast majority of these victims are US government agencies, such as:
- The US Treasury Department
- The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
- The Department of Health's National Institutes of Health (NIH)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Department of Homeland Security (DHS)
- The US Department of State
- The National Nuclear Security Administration (NNSA) (also disclosed today)
- The US Department of Energy (DOE) (also disclosed today)
- Three US states (also disclosed today)
- City of Austin (also disclosed today)"
— Highlighted from article
US under cyber attack believed to be tied to Russia: Private sector, infrastructure, all levels of government at risk
"This was definitely a sophisticated operation with specific targets. The attackers had the potential of causing serious damage to 18K environments that were running the affected versions of Orion. From the decoding of the DGA URLs, it's looking like around 300 machines were calling out to the command and control servers. According to some heavy hitters on the front lines, the attackers took their time in weighing risk vs. reward and made sure whatever they did was going to count."
— Derrick, Ascend Technologies SOC 3 Security Analyst
December 14, 2020
SolarWinds Security Advisory
https://www.solarwinds.com/securityadvisory
"To help detect any possible misuse of the Orion platform in client environments, Ascend is currently curating a list of known Indicators of Compromise (IoCs) from various threat reports and building alerts for them in our security tools. Ascend Technologies does not utilize Orion in our service offerings, but we are actively building our detection capabilities for cybersecurity clients who may utilize Orion from another vendor. As this is still a developing situation, we will update our response tactics as we (and the security world at large) continue to investigate."
— Ascend Technologies SOC Team
December 13, 2020
Threat Research: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
US agencies hacked in monthslong global cyberspying campaign
https://apnews.com/article/us-agencies-hacked-global-cyberspying-e8a2e819f7cc6982f6a72f8c85209b72