Analysis of the attack

Retrieved 2023-10-30

  • What to know about the SEC’s case against SolarWinds (wapo)
  • Retrieved 2023-05-03

  • SolarWinds: The Untold Story of the Boldest Supply-Chain Hack (WIRED)
  • Retrieved 2022-04-18

  • Lessons Learned from Cyberattacks on Critical Infrastructure (Toolbox It-security)
  • Retrieved 2022-02-09

  • Ten Questions We Hope the Cyber Safety Review Board Answers—and Three It Should Ignore (Lawfare)
  • Retrieved 2021-12-08

  • A Year After the SolarWinds Hack, Supply Chain Threats Still Loom (WIRED)
  • Retrieved 2021-09-07

  • Inside the response to the massive Russian SolarWinds hack (Axios)
  • Retrieved 2021-09-03

  • Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation (Security Affairs)
  • Retrieved 2021-08-25

  • SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom (Lawfare)
  • Retrieved 2021-07-08

  • FERC and NERC Publish Whitepaper on SolarWinds and Related Supply Chain Compromise (Akin Gump Strauss Hauer & Feld LLP - JDSupra)
  • Retrieved 2021-07-07

  • SolarWinds and Related Supply Chain Compromise (Federal Energy Regulatory Commission)
  • FERC, NERC whitepaper warns of supply-chain risk
  • SolarWinds and Related Supply Chain Compromise
  • Retrieved 2021-05-20

  • 12 Lessons Learned From The SolarWinds Breach: RSA Conference
  • Retrieved 2021-05-16

  • Subscribe to read (FT)
  • Retrieved 2021-05-14

  • Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable (California News Times)
  • Retrieved 2021-04-30

  • A Tale of Two Hacks: From SolarWinds to Microsoft Exchange (tpost)
  • Retrieved 2021-04-16

  • How Russia Used SolarWinds To Hack Microsoft, Intel, Pentagon, Other Networks : NPR
  • Retrieved 2021-03-31

  • US to publish details on suspected Russian hacking tools used in SolarWinds espionage
  • Retrieved 2021-03-22

  • House Lawmakers Ask Agencies to Provide More Details on SolarWinds Hack
  • Retrieved 2021-03-19

  • Solarwinds Orion Attack
  • Swiss Firm Says It Has Accessed Servers of a SolarWinds Hacker (Bloomberg)
  • Swiss Cybersecurity Firm Reveals Vital Details of Solarwinds Hackers (KoDDoS Blog)
  • Retrieved 2021-03-09

  • Was SolarWinds a Different Type of Cyber Espionage? (Lawfare)
  • Retrieved 2021-03-04

  • The danger in calling the SolarWinds breach an ‘act of war’
  • China’s and Russia’s Spying Sprees Will Take Years to Unpack (WIRED)
  • DIB Take Note: SolarWinds Hack and DHS CISA Emergency Directive on Cyber Vulnerabilities Point to the Need to be Prepared for APTs (Lexology)
  • Retrieved 2021-02-23

  • Essays: Why Was SolarWinds So Vulnerable to a Hack? (Schneier)
  • Understanding the Results of the Audit of the DoD FY 2020 Financial Statements > Department of Defense Office of Inspector General > DoD OIG Reports
  • Retrieved 2021-02-22

  • N-able: The Path Forward for the Former SolarWinds MSP (ChannelE2E)
  • Lessons Learned from a Cyberattack: A Conversation with SolarWinds (Part 1 of 2) (Center for Strategic and International Studies)
  • Retrieved 2021-02-19

  • 5 minutes with Michael Bahar - The aftermath of the SolarWinds Orion breach | 2021-02-19 (Security Magazine)
  • Retrieved 2021-02-18

  • Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code (ZDNet)
  • Microsoft Internal Solorigate Investigation – Final Update (Microsoft Security Response Center)
  • Retrieved 2021-02-16

  • The "largest and most sophisticated hack ever" - The Backstory with Matt Bevan - RN Breakfast (ABC Radio National)
  • Retrieved 2021-02-15

  • Cybersecurity experts say U.S. needs to strike back after SolarWinds hack
  • Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack (The Register)
  • Microsoft: SolarWinds attack took more than 1,000 engineers to create (ZDNet)
  • Former top cybersecurity official on why U.S. intelligence missed Russia's SolarWinds hack
  • Retrieved 2021-02-14

  • SolarWinds hack was 'largest and most sophisticated attack' ever: Microsoft president (Reuters)
  • Retrieved 2021-02-12

  • On SolarWinds, Supply Chains and Enterprise Networks
  • Retrieved 2021-02-11

  • 7 Things We Know So Far About the SolarWinds Attacks
  • Retrieved 2021-02-09

  • Experts laud SolarWinds post-attack efforts, but why’d it take a massive cyber incident to make changes? (FRN)
  • Retrieved 2021-02-08

  • SolarWinds Fallout: Practices to strengthen data protection - (GCN)
  • MAR-10318845-1.v1 - SUNBURST (CISA)
  • Retrieved 2021-02-05

  • Multiple new flaws uncovered in SolarWinds software just weeks after high-profile supply chain attack (The Daily Swig)
  • Retrieved 2021-02-04

  • Another SolarWinds Orion Hack (Schneier)
  • SolarWinds chases multiple leads in breach investigation
  • Retrieved 2021-02-03

  • More SolarWinds News (Schneier)
  • Findings From Our Ongoing Investigations (Orange Matter)
  • Continuing Our Journey to Becoming Secure by Design (Orange Matter)
  • More exploitable flaws found in SolarWinds software, says cybersecurity firm
  • More SolarWinds News (secblvd)
  • Retrieved 2021-02-02

  • Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’
  • Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says (WSJ)
  • Retrieved 2021-02-01

  • Azure-Sentinel/RareProcbyServiceAccount.yaml at master · Azure/Azure-Sentinel (GitHub)
  • SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat (tpost)
  • Audit of DoD Actions Taken to Protect DoD Information Network Resulting From the SolarWinds Orion Compromise
  • Retrieved 2021-01-29

  • Security Advisory FAQ (SolarWinds)
  • Retrieved 2021-01-28

  • Russia’s SolarWinds Attack and Software Security (Schneier)
  • Retrieved 2021-01-27

  • Azure-Sentinel/MailPermissionsAddedToApplication.yaml at master · Azure/Azure-Sentinel (GitHub)
  • Retrieved 2021-01-25

  • Hackers exploit U.S. Agency Supply Chain (IT Security Guru)
  • Retrieved 2021-01-24

  • Validating the SolarWinds N-central “Dumpster Diver” Vulnerability | by Kyle Hanslovan (Huntress)
  • Retrieved 2021-01-22

  • ConnectWise Control MSP Security Vulnerabilities Are ‘Severe:’ Bishop Fox
  • Retrieved 2021-01-21

  • Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long (ZDNet)
  • Retrieved 2021-01-20

  • SolarWinds Hackers Access Malwarebytes’ Office 365 Emails
  • Microsoft Releases New Info on SolarWinds Attack Chain
  • Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop (MS Security)
  • Retrieved 2021-01-19

  • Azure-Sentinel/FirstAppOrServicePrincipalCredential.yaml at master · Azure/Azure-Sentinel (GitHub)
  • Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
  • Retrieved 2021-01-16

  • A closer look at the SolarWinds hack (Cyprus Mail)
  • Retrieved 2021-01-15

  • Sunburst Malware Information (FireEye)
  • SolarWinds Close to Figuring Out How Cyberattack Occurred
  • SolarWinds Says It’s Closer to Finding Source of Cyberattack
  • Retrieved 2021-01-14

  • SolarWinds defense: How to stop similar attacks (ZDNet)
  • Retrieved 2021-01-13

  • Sunspot malware scoured servers for SolarWinds builds to trojanize them
  • SolarWinds aftermath continues with SolarLeaks (Blueliv)
  • Retrieved 2021-01-12

  • SolarWinds Says It Has Found Source of Massive Cyberattack (TheStreet)
  • Austin's SolarWinds closer to understanding source of massive breach
  • UNC2452: What We Know So Far
  • Third malware strain discovered in SolarWinds supply chain attack (ZDNet)
  • Retrieved 2021-01-11

  • SUNSPOT Malware: A Technical Analysis (CrowdStrike)
  • New Findings From Our Investigation of SUNBURST (Orange Matter)
  • Sunburst backdoor – code overlaps with Kazuar (Securelist)
  • Researchers Find Links Between Sunburst and Russian Kazuar Malware
  • Retrieved 2021-01-09

  • SolarWinds Malware Arsenal Widens with Raindrop (tpost)
  • Retrieved 2021-01-08

  • SolarWinds to pay former CEO US$312K to assist with investigations - Software (CRN Australia)
  • CEO Refutes Reports of Involvement in SolarWinds Campaign (Infosecurity Magazine)
  • Continuous Updates: Everything You Need to Know About the SolarWinds Attack (SecurityWeek.Com)
  • Retrieved 2021-01-07

  • SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack
  • SolarWinds hack: Who’s to blame? It’s complicated. (TechBeacon)
  • SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar (Symantec Blogs)
  • Retrieved 2021-01-06

  • Widely Used Software Company May Be Entry Point for Huge U.S. Hacking (nyt)
  • Life After the SolarWinds Supply Chain Attack
  • We Should Have Known SolarWinds Would Be a Target (CoFR)
  • Retrieved 2021-01-05

  • Severe SolarWinds Hacking: 250 Organizations Affected?
  • Latest on the SVR’s SolarWinds Hack (Schneier)
  • SolarWinds attack: CrowdStrike says no impact
  • SolarWinds Breach is the Rule, Not an Exception (secblvd)
  • Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) (CISA)
  • Essays: The Solarwinds Hack Is Stunning. Here’s What Should Be Done (Schneier)
  • Retrieved 2021-01-04

  • SolarWinds: The more we learn, the worse it looks (ZDNet)
  • SolarWinds Breach ‘Much Worse’ Than Feared (SDxCentral)
  • SolarWinds hack poses risk to cloud services' API keys and IAM identities
  • The Grim Lessons of the SolarWinds Breach (reason)
  • Solar Winds Blow Hard (secblvd)
  • Microsoft downplays threat after admitting SolarWinds attackers accessed source code (The Daily Swig)
  • Retrieved 2021-01-03

  • The threats arising from the massive SolarWinds hack (CBS News)
  • How to Get Rich Sabotaging Nuclear Weapons Facilities (BIG by Matt Stoller)
  • Retrieved 2021-01-02

  • As Understanding of Russian Hacking Grows, So Does Alarm (nyt)
  • Retrieved 2021-01-01

  • GitHub - Azure/Azure-Sentinel: Cloud-native SIEM for intelligent security analytics for your entire enterprise
  • Retrieved 2020-12-31

  • Security Advisory (SolarWinds)
  • Microsoft Internal Solorigate Investigation Update (Microsoft Security Response Center)
  • This Week In Security: Deeper Dive Into SolarWinds, Bouncy Castle, And Docker Images (Hackaday)
  • Retrieved 2020-12-30

  • Learning from SolarWinds: Five steps to fortify your cloud supply chain | Article (Compliance Week)
  • Retrieved 2020-12-29

  • Op-ed: What nobody else will say about the new cybersecurity crisis
  • Agencies scrambling to get a grip after SolarWinds hack (FRN)
  • Extracting Security Products from SUNBURST DNS Beacons (NETRESEC Blog)
  • Retrieved 2020-12-28

  • How did SolarWinds' massive data breach go undetected for months? (YouTube)
  • SolarWinds SUNBRUST backdoor investigation using ShiftLeft’s Code Property Graph (secblvd)
  • Analysis: The Impact of SolarWinds Hack (BankInfoSecurity)
  • In wake of SolarWinds and Vietnam, more supply chain attacks expected 2021 (scmedia)
  • Russia’s SolarWinds Attack (Schneier)
  • Retrieved 2020-12-27

  • Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist
  • Retrieved 2020-12-26

  • A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
  • SolarWinds releases updated advisory for new SUPERNOVA malware
  • Retrieved 2020-12-24

  • Here's a simple explanation of the SolarWinds hack (BI)
  • SolarWinds hack: Cybersecurity company calls for more transparency with what happened (KXAN Austin)
  • SUNBURST Additional Technical Details (fireeye)
  • Retrieved 2020-12-23

  • SolarWinds Compromise May Have Begun 5 Months Earlier Than Suspected
  • solorigate_sample_source/OrionImprovementBusinessLayer.cs at main · Shadow0ps/solorigate_sample_source (GitHub)
  • SolarWinds hack exploited weaknesses we continue to tolerate (FT)
  • Experts say SolarWinds hack could impact Kern County businesses
  • The Facts and Mysteries About Russia’s Hack of the U.S.
  • Massive data breach may have been discovered due to 'unforced error' by suspected Russian hackers (CNNPolitics)
  • Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are (CyberScoop)
  • Cloud infrastructure is not immune from the SolarWinds Orion breach (Ermetic)
  • SolarWinds roundup: Fixes, new bad actors, and what the company knew (Network World)
  • From the Solarwinds supply chain attack (Golden Chain Bear) to see the covert operations in APT operations
  • Retrieved 2020-12-22

  • Staring at the Sun: Thoughts on UNC2452, SUNBURST, SolarWinds and Road Ahead (Prevailion)
  • SolarWinds: What It Means & What’s Next
  • Everything we know about the Solarwinds Hack! (Updated!) (YouTube)
  • The SolarWinds hack, and the danger of arrogance (scmedia)
  • Florida Investigating Server Hacking Through SolarWinds Software
  • Prevasio: Sunburst Backdoor, Part III: DGA & Security Software
  • Azure AD workbook to help you assess Solorigate risk (Microsoft Tech Community)
  • A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
  • Infosec pros warned of second SolarWinds Orion vulnerability (IT World Canada News)
  • Retrieved 2020-12-21

  • Top Expert Backgrounder: Russia’s SolarWinds Operation and International Law
  • A second hacking group has targeted SolarWinds systems (ZDNet)
  • Advisory for SolarWinds Orion Vulnerabilities (secblvd)
  • Advanced Persistent Threat Actors Leverage SolarWinds Vulnerabilities
  • All about the suspected Russian cyberattack that Microsoft has called ‘moment of reckoning’
  • VMware Issues Updated Statement on SolarWinds Supply Chain Compromise and CVE-2020-4006
  • Retrieved 2020-12-20

  • FireEye CEO: Hack was "totally unique," "utte... (CBS News)
  • SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security (YouTube)
  • Retrieved 2020-12-19

  • NATO Checking Systems After US Cyberattack (SecurityWeek.Com)
  • Prevasio: Sunburst Backdoor, Part II: DGA & The List of Victims
  • Russia's SolarWinds Hack Is the Big One (BoonWorks)
  • Retrieved 2020-12-18

  • Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers (MS Security)
  • Hackers last year conducted a 'dry run' of SolarWinds breach
  • US cyber-attack: Cybersecurity agency warns suspected Russian hacking campaign broader than previously believed (CNNPolitics)
  • Alex Stamos on Twitter: "@VickerySec So far, all of the activity that has been publicly discussed has fallen into the boundaries of what the US does regularly and what we explicitly excluded from the Obama-Xi deal. If we are going to set new red lines, th
  • Alex Stamos on Twitter: "There is a long history of "trickle down" effects in cyber, where a technique honed by a major player becomes commonplace. China's 2000s APTs -> Iran/DPRK/teenagers in the 2010s. Stuxnet -> smart ransomware. If supply-chain a
  • SolarWinds Should Have Been More ‘Vigilant’: Palo Alto Networks CEO
  • SolarWinds Scandal Calls Attention to Supply Chain Security
  • DOE Update on Cyber Incident Related to Solar Winds Compromise (DOE)
  • Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims (tpost)
  • Bill That Trump Is Vowing to Veto Strengthens Hacking Defenses, Lawmakers Say (nyt)
  • Sunburst: connecting the dots in the DNS requests (Securelist)
  • Hackers last year conducted a 'dry run' of SolarWinds breach
  • SolarWinds Likely Hacked at Least One Year Before Breach Discovery (SecurityWeek.Com)
  • Reassembling Victim Domain Fragments from SUNBURST DNS (NETRESEC Blog)
  • SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
  • What we know – and still don’t – about the worst-ever US government cyber-attack | Hacking (Guardian)
  • NSA on Authentication Hacks (Related to SolarWinds Breach) (Schneier)
  • VMware Issues Statement on SolarWinds Supply Chain Compromise and CVE-2020-4006
  • SANS Institute (Newsletters - NewsBites)
  • Retrieved 2020-12-17

  • The SolarWinds Orion SUNBURST supply-chain Attack (TRUESEC Blog)
  • SUPERNOVA: A Novel .NET Webshell, an Analysis
  • Cyber attack may be ‘worst in the history of America’ (LV Jrnl)
  • More on the SolarWinds Breach (Schneier)
  • SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
  • Retrieved 2020-12-16

  • How suspected Russian hackers outed their massive cyberattack (POLITICO)
  • GitHub - RedDrip7/SunBurst_DGA_Decode: SunBurst DGA Decode Script
  • Itay Cohen on Twitter: "The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds develope
  • SunBurst: the next level of stealth
  • SolarWinds: Why the Sunburst hack is so serious (BBC News)
  • SUNBURST – SolarWinds® Orion® IT Management Platform Security Advisory (ServerCentral Turing Group)
  • SolarWinds said no other products were compromised in recent hack (ZDNet)
  • The SolarWinds and US government breach is not a marketing opportunity (ZDNet)
  • SunBurst_DGA_Decode/decode.py at main · RedDrip7/SunBurst_DGA_Decode (GitHub)
  • New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
  • FireEye and SolarWinds Cyber Attack Information for Exabeam Customers and Partners
  • Sunburst: Supply Chain Attack Targets SolarWinds Users (Symantec Blogs)
  • Massive hack of US government launches search for answers as Russia named top suspect
  • Retrieved 2020-12-15

  • Hackers at center of sprawling spy campaign turned SolarWinds' dominance against it (Reuters)
  • Kyle Hanslovan on Twitter: "Although their string obfuscation techniques were anything but special, their codebase and domains successfully evaded security scrutiny for nearly a year ¯_(ツ)_/¯. Here are screenshots of some CryptoHelper and ZipHelper cl
  • Prevasio: Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware
  • GitHub - mubix/solarflare: SolarWinds Orion Account Audit / Password Dumping Utility
  • SolarFlare Release: Password Dumper for SolarWinds Orion :: malicious.link — welcome
  • Russian hack into Treasury, Commerce, DHS raises federal alarms (Axios)
  • Retrieved 2020-12-14

  • Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity)
  • SolarWinds' Orion monitoring platform may have been tampered with by attackers - Security - Software (iTnews)
  • US Treasury and commerce department targeted in cyber-attack (BBC News)
  • 10 Things To Know About The SolarWinds Breach And Its U.S. Government Impact
  • research/uniq-hostnames.txt at main · bambenek/research (GitHub)
  • The SolarWinds Breach: Why Your Work Computers Are Down Today (Lawfare)
  • How bad is the hack that targeted US agencies
  • Quick Thoughts on the Russia Hack (Lawfare)
  • Retrieved 2020-12-13

  • Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (fireeye)
  • Retrieved 2020-11-30

  • Azure-Sentinel/ProcessEntropy.yaml at master · Azure/Azure-Sentinel (GitHub)
  • Retrieved 2020-05-26

  • Create a Log Analytics workspace in the Azure portal - Azure Monitor (Microsoft Docs)
  • Retrieved 2019-09-03

  • Azure-Sentinel/uncommon_processes.yaml at master · Azure/Azure-Sentinel (GitHub)
  • Retrieved 2014-12-03

  • The Art of Finding Cyber-Dinosaur Skeletons (Securelist)