Detecting the presence of the attack
Retrieved 2021-05-20
To avoid insider threats, security strategies call for behavioral profiling and anomaly comparison | 2021-05-20 (Security Magazine)
Retrieved 2021-05-18
CISA’s EINSTEIN had a chance to be great, but it’s more than good enough (FRN)
Retrieved 2021-05-10
State-Sponsored Cyberattacks Aren’t Going Away — Here’s How To Defend Your Organization
Retrieved 2021-04-30
‘Accelerate change or lose’: Applying Gen. Brown’s action orders to cyberspace education and training
The Ticking Time Bomb in Every Company's Code
Retrieved 2021-04-29
Hunting Hackers: Reducing the Time to Discovery (CSO Online)
Retrieved 2021-04-28
NSA: OT Security Guidance in Wake of SolarWinds Attack
Retrieved 2021-04-26
Supply Chain Compromise (CISA)
Retrieved 2021-04-22
Researchers Find Additional Infrastructure Used By SolarWinds Hackers
New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
Retrieved 2021-04-20
Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
5 signs a trucking company has been hacked (Commercial Carrier Journal)
More SolarWinds command and control hacking servers found - Security (iTnews)
Retrieved 2021-04-19
Malware Wants to Phone Home. Trinity Cyber Doesn’t Try to Block It
Retrieved 2021-04-16
Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security)
Snort Blog: Snort rule update for April 15, 2021
Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (secblvd)
Retrieved 2021-04-01
Biden's cyber executive order to include new rules for federal agencies, contractors
Retrieved 2021-03-31
Blackberry Jarvis
The Fortune 500 Companies That Want To Be Hacked (The Tennessee Tribune)
cyber.dhs.gov - Emergency Directive 21-02
Retrieved 2021-03-25
Microsoft Safety Scanner Download - Windows security (Microsoft Docs)
Retrieved 2021-03-23
SolarWinds compromise leaves Senate questioning agency cyber defenses (Utility Dive)
CHIRP Tool to Detect SolarWinds Malicious Activity
Retrieved 2021-03-21
CISA releases CHIRP, a tool to detect SolarWinds malicious activity (Security Affairs)
CISA releases CHIRP, a tool to detect SolarWinds malicious activity (TerabitWeb Blog)
Retrieved 2021-03-19
Burnt by SolarWinds attack? US releases tool for post-compromise detection (ZDNet)
GitHub (cisagov/CHIRP: A forensic collection tool written in Python.)
CISA Releases New Tool To Scan For SolarWinds Compromise Activity (My TechDecisions)
U.S. cyber agency releases tool to help SolarWinds Orion defenders (IT World Canada News)
Did you get burned by the SolarWinds attack? US Releases Tools for Post-Infringement Detection (Texas News Today)
Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments (CISA)
Retrieved 2021-03-17
TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise (Homeland Security Today)
Why the SolarWinds Attack Easily Slipped by All EDR/EPP Solutions (secblvd)
SolarWinds compromise leaves Senate questioning agency cyber defenses (Cybersecurity Dive)
Retrieved 2021-03-15
Capitol Hill angry over Microsoft’s security upcharge (POLITICO)
Retrieved 2021-03-14
SolarWinds, SUNBURST, and supply chain security.
White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (nyt)
Retrieved 2021-03-09
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
Retrieved 2021-03-03
Microsoft opens CodeQL queries to public after SolarWinds hack
Retrieved 2021-03-01
Sai Huda’s best-selling book Next Level Cybersecurity reveals signals missed in world’s largest hacks such as SolarWinds (EIN Presswire)
SolarWinds Orion Web Performance Monitor (WPM) Remote Detection (Tenable®)
SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020 (TI Forense)
Retrieved 2021-02-26
Microsoft Releases Queries for SolarWinds Attack Detection
Microsoft shares tool to hunt for compromise in SolarWinds breach (CyberScoop)
SolarWinds Plans Cybersecurity Investment After Supply Chain Compromise (ExecutiveBiz)
Microsoft: We've open-sourced this tool we used to hunt for code by SolarWinds hackers (ZDNet)
Microsoft releases open-source CodeQL queries to assess Solorigate compromise (Security Affairs)
Microsoft makes CodeQL queries public post SolarWinds attack
MSFT Stock - Microsoft makes CodeQL queries public post SolarWinds attack (Fintech Zoom - World Finance)
Retrieved 2021-02-25
SolarWinds Orion Network Performance Monitor Installed (Windows) (Tenable®)
Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics (Cisco Blogs)
Microsoft shares CodeQL queries to scan code for SolarWinds-like implants
Microsoft Releases Free Tool for Hunting SolarWinds ...
Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post)
IDX Introduces Cybersecurity Healthcheck to Identify Security...
Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator (Y100 WNCY, Green Bay, WI)
Retrieved 2021-02-24
FireEye CEO on how the SolarWinds hack was discovered (CNN Video)
Retrieved 2021-02-18
Apiiro Releases Industry’s First Solution That Detects and Prevents the Attack Used Against Solarwinds
Retrieved 2021-02-17
SolarWinds Hacked From Inside U.S., 100+ Orgs Compromised
Retrieved 2021-02-15
Microsoft: SolarWinds attack took more than 1,000 engineers to create (ZDNet)
Retrieved 2021-02-10
VirusTotal
Retrieved 2021-02-08
VirusTotal
Retrieved 2021-02-02
GitHub (cisagov/Sparrow: Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.)
Retrieved 2021-02-01
Azure-Sentinel/RareProcbyServiceAccount.yaml at master · Azure/Azure-Sentinel · GitHub
Retrieved 2021-01-28
Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too (CoFR)
Retrieved 2021-01-27
Azure-Sentinel/MailPermissionsAddedToApplication.yaml at master · Azure/Azure-Sentinel · GitHub
Retrieved 2021-01-19
Azure-Sentinel/FirstAppOrServicePrincipalCredential.yaml at master · Azure/Azure-Sentinel · GitHub
Retrieved 2021-01-17
Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs
GitHub - fireeye/Mandiant-Azure-AD-Investigator
Retrieved 2021-01-15
Sunburst Malware Information (FireEye)
Retrieved 2021-01-14
Cybersecurity Pioneer Cyemptive Technologies Cautions Entities About the Depth and Breadth of the Recent SolarWinds Cyber Incident; Provides First Reliable Solution to Address Such Invasive Attacks (bizwire)
Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender (MS Security)
Retrieved 2021-01-13
Top SolarWinds risk assessment resources for Microsoft 365 and Azure (CSO Online)
Retrieved 2021-01-12
Cisco Event Response: SolarWinds Orion Platform Software Attack
Retrieved 2021-01-09
SolarWinds Malware Arsenal Widens with Raindrop (tpost)
Retrieved 2021-01-08
CISA: SolarWinds hackers also used password guessing to breach targets (ZDNet)
Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)
Retrieved 2021-01-07
Implications of Russian Hacking of SolarWinds
Gossamer tool aims to defend open source projects against SolarWinds-style supply chain attacks (The Daily Swig)
FireEye's Mandia: 'Severity-Zero Alert' Led to ...
Retrieved 2021-01-06
DoJ says SolarWinds hackers breached its Office 365 system and read email (ars)
Retrieved 2021-01-05
Azure-Sentinel/ADFSDomainTrustMods.yaml at master · Azure/Azure-Sentinel · GitHub
Retrieved 2020-12-29
SolarWinds Orion: Fixes Aim to Block Sunburst and Supernova
Retrieved 2020-12-28
Using Microsoft 365 Defender to protect against Solorigate (MS Security)
CISA releases Azure, Microsoft 365 malicious activity detection tool
Retrieved 2020-12-23
CrowdStrike Launches Free Tool to Identify & Mitigate Risks in Azure Active Directory (CrowdStrike)
How we protect our users against the Sunburst backdoor (Securelist)
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan (SentinelLabs)
Q:CYBER spots lateral movement as used in the SolarWinds (Sunburst) calamity | State (insidenova.com)
Retrieved 2020-12-22
Anexinet Exec: Lack Of Monitoring In SolarWinds Hack Is ‘Scary’
SolarWinds Orion/SUNBURST – Armis Can See Impacted Devices & Attacks (secblvd)
Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (secblvd)
Sunburst Malware Optics Rules
Retrieved 2020-12-21
Solorigate AzureAd IOCs
Continue Clean-up of Compromised SolarWinds Software
Advice for incident responders on recovery from systemic identity compromises (MS Security)
Retrieved 2020-12-20
Azure-Sentinel/SolarWindsPostCompromiseHunting.json at master · Azure/Azure-Sentinel · GitHub
Retrieved 2020-12-19
Massive SolarWinds hack has big businesses on high alert (CNN)
Retrieved 2020-12-18
Microsoft says it found malicious software in its systems (OODA Loop)
Sygnia Advisory: Detection of Golden SAML attacks
Datto Offers All MSPs Free Scanner To Find Signs Of FireEye, SolarWinds Hack
GitHub (fireeye/sunburst_countermeasures)
SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
Retrieved 2020-12-17
Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA)
Exclusive: Suspected Russian hacking spree reached into Microsoft - sources (Reuters)
Nuclear weapons agency breached amid massive cyber onslaught (POLITICO)
Microsoft says it was hit in SolarWinds attack, but customer data safe (BI)
SolarWinds Hack ‘One Of The Worst In The Last Decade’: Analyst
Retrieved 2020-12-16
How suspected Russian hackers outed their massive cyberattack (POLITICO)
Itay Cohen on Twitter: "The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds develope
InfoSec Handlers Diary Blog
SolarWinds Post-Compromise Hunting with Azure Sentinel (Microsoft Tech Community)
Trend data on the SolarWinds Orion compromise
Retrieved 2020-12-15
GitHub (fireeye/sunburst_countermeasures)
SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
FireEye Malware Optics Rules
SolarWinds attack explained: And why it was so hard to detect (CSO Online)
Suspected Russian Hack Said to Have Gone Undetected for Months (WSJ)
Suspected Russia SolarWinds Hack Exposed After FireEye Cybersecurity Firm Found 'Backdoor'
Retrieved 2020-12-13
cyber.dhs.gov - Emergency Directive 21-01
Important steps for customers to protect themselves from recent nation-state cyberattacks (Microsoft On the Issues)
Customer Guidance on Recent Nation-State Cyber Attacks (Microsoft Security Response Center)
SolarWinds CyberAttack and FireEye Red Team Tools Coverage
Retrieved 2020-12-12
Behavior:Win32/Solorigate.C!dha threat description (Microsoft Security Intelligence)
Retrieved 2020-12-08
Unauthorized Access of FireEye Red Team Tools (fireeye)
Retrieved 2020-11-30
Azure-Sentinel/ProcessEntropy.yaml at master · Azure/Azure-Sentinel · GitHub
Retrieved 2020-11-02
U.S. Cyber Command Expands Operations to Hunt Hackers From Russia, Iran and China (nyt)
Retrieved 2020-08-24
Securing Active Directory: Performing an Active Directory Security Review
Retrieved 2020-05-26
Create a Log Analytics workspace in the Azure portal - Azure Monitor (Microsoft Docs)
Retrieved 2019-09-03
Azure-Sentinel/uncommon_processes.yaml at master · Azure/Azure-Sentinel · GitHub