![]() ![]() The trojan software was designed to evade detection. They probably knew they had access to their primary targets and wanted to minimize their chances of detection.Įstablishing Command and Control at the Target The attackers then removed their code and covered their tracks. Any customer who installed the update was now infected. Because it was now part of the normal build process the final executables all had the correct SolarWinds verification signature. The result was that for a period of several months in early 2020, every update release of Orion included their backdoor trojan malware. The attackers penetrated SolarWinds software development environment and inserted their own code into the SolarWinds source code repository. A back door into the Orion execution environment is a very good starting point. The first objectives of an attacker are lateral movement and escalated privilege. Third, its processes routinely perform privileged actions. ![]() Second, its users are likely to have high privilege levels. ![]() First, it is at the center of IT operations and inherently has visibility across the network. As an attack vector it has an almost unique combination of three properties. Joe Weiss has described Orion as “ SCADA for networks.” It is especially popular with IT departments at government agencies and large enterprises. Orion is a suite of tools for network management. What follows attempts to provide a clear outline of the campaign that emerges from the published details. The capability, however, is clearly there. To date, there is no evidence ICS systems were targeted. What is clear is that the attackers are highly-skilled and well-resourced. The prevailing opinion is that it is a Russian espionage campaign. The SolarWinds cyberattack has been widely reported on. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |