Obligatory Tuesday SolarWinds update – I will be batching these up until a threshold of size hits. This hit that mark for me.
The company has revealed more, and calls it “highly sophisticated and complex malware designed to circumvent threat detection”. The company has determined that the threat actor accessed SolarWinds on Sept 4, 2019. The test code was injected on Sept 12, and their testing ended November 4th. SUNBURST was compiled and deployed on February 20th, 2020, with the DLL available to customers on March 26th. The threat actor themselves removed the malware from build VMs on June 4th.
Kaspersky has said that the backdoor is tied to Turla, a hacking group that operates on behalf of Russia’s FSB security service.
Why do we care?
I’m so far impressed by the openness of SolarWinds. It has to stay that way to be sure. They have to overcorrect – a lot – to stay viable. The openness lets them position to embrace security best practices going forward. That’s what we’re watching for.
The Russians are behind this, so says the US government and so says the Russian-based cyber security company. Nation state is the key takeaway – that’s an adversary on a whole other level.
Just having the answers to customer questions is the reason we care right now. Be informed.