Malware used in the attack
Retrieved 2024-06-07
SolarWinds Flaw Flagged by NATO Pen Tester
Retrieved 2024-06-05
CVE Record (CVE)
Retrieved 2024-06-04
CVE Record (CVE)
Multiple vulnerabilities in SolarWinds Orion Platform
Understanding CVE-2024-28999: Race Condition Vulnerability in SolarWinds Platform
Multiple Vulnerabilities in SolarWinds Platform June 4th 2024 (Tenable®)
Retrieved 2024-04-18
Understanding the Impact of CVE-2024-29003 on the SolarWinds Platform
Retrieved 2023-10-23
SolarWinds Patches High-Severity Flaws in Access Rights Manager (SecurityWeek)
Retrieved 2022-05-19
SolarWinds Orion Platform 2020.2.0 < 2020.2.6 Multiple Vulnerabilities - Nessus (InfosecMatter)
Retrieved 2021-12-23
White House national security adviser asks software companies to discuss cybersecurity (Reuters)
White House national security adviser asks software companies to discuss cybersecurity
White House national security adviser asks software ...
Retrieved 2021-12-21
SolarWinds Orion SQL injection [CVE-2021-35234] (Yet Another News Aggregator Channel)
CVE-2021-35234 (SolarWinds Orion sql injection)
CVE-2021-35248 (SolarWinds Orion Settings access control)
SolarWinds Trust Center Security Advisories (CVE-2021-44228)
Remote code execution in SolarWinds Database Performance Analyzer (Apache Log4j component)
Retrieved 2021-12-17
The new PseudoManuscrypt malware puts over 35,000 PCs at risk (TheDigitalHacker)
Retrieved 2021-12-15
Nobelium gang malware evolves one year after SolarWinds
Retrieved 2021-10-27
CVE-2021-35235 (SolarWinds Kiwi Syslog Server ASP.NET Debugging information disclosure)
Retrieved 2021-09-30
New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack
Retrieved 2021-09-29
‘Tomiris’ Backdoor Linked to SolarWinds Malware (tpost)
House passes legislation to strengthen federal cybersecurity workforce (hill)
Tomiris backdoor and its connection to Sunshuttle and Kazuar (Securelist)
Retrieved 2021-09-27
Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers
Retrieved 2021-07-30
Experts Uncover Several C&C Servers Linked to WellMess Malware (News Nation USA)
Retrieved 2021-06-29
Hackers Disguise Rootkit as Microsoft Drivers
Microsoft admits certifying a driver loaded with rootkit malware, says 'small number' of customers compromised by SolarWinds hackers (HITBSecNews)
Retrieved 2021-06-28
Microsoft accidentally approved malware that could spy on Windows users
Investigating and Mitigating Malicious Drivers (Microsoft Security Response Center)
Retrieved 2021-06-01
Poisoned Installers Found in SolarWinds Hackers Toolkit (Flizzyy News)
NobleBaron: New Poisoned Installers Could Be Used In Supply Chain Attacks (SentinelLabs)
Biden weighs direct action against Russian targets following cyberattacks (WHAM)
Retrieved 2021-05-27
New sophisticated email-based attack from NOBELIUM (MS Security)
Retrieved 2021-05-26
Microsoft has discovered yet more SolarWinds malware (National Cyber Security News Today)
Retrieved 2021-05-06
Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise
Retrieved 2021-04-30
More US agencies potentially hacked, this time with Pulse Secure exploits (ars)
CISA: 5 Agencies Using Pulse Secure VPNs Possibly Breached
Retrieved 2021-04-28
Another top VPN is reportedly being used to spread the SolarWinds hack
APT actors increasingly turn to exploits to launch attacks (TahawulTech.com)
Security News in Review: Emotet Uninstalled Worldwide; Babuk “Goes Dark” (secblvd)
Retrieved 2021-04-27
Well-known VPN used to steal credentials on SolarWinds servers
An APT Group Exploits VPN to Deploy Supernova on SolarWinds Orion (Cyware Alerts - Hacker News)
Another SolarWinds lesson: Hackers are targeting Microsoft authentication servers (All Tech News)
APT actors increasingly turn to exploits to launch attacks (ITProPortal)
Retrieved 2021-04-26
CISA warns of theft of credentials via SolarWinds and PulseSecure VPN
Another top VPN is reportedly being used to spread SolarWinds hack (TechRadar)
Retrieved 2021-04-25
SolarWinds hacking campaign puts Microsoft in the hot seat (Columbia Basin Herald)
Microsoft in the hot seat due to SolarWinds hacking campaign (Compsmag)
CISA warns of credential theft via SolarWinds and PulseSecure VPN (VentureBeat)
CISA warns of credential theft via SolarWinds and PulseSecure VPN (Public News)
Retrieved 2021-04-23
Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (Times News Express)
When a Ripple Becomes a Wave: Cyberattack Fallout (secblvd)
APT abused Pulse Secure, SolarWinds appliances to plant Supernova webshell on enterprise network
Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion (IT Security News)
Supernova Attack Leveraged SolarWinds, Pulse Secure
Analysts Uncover More Servers Used in SolarWinds Attack
Hackers exploit SolarWinds, Pulse Secure for credential theft: Feds (CRN Australia)
SolarWinds hacking campaign puts Microsoft in the hot seat
SUPERNOVA malware discovered on SolarWinds Orion server (Malware Devil)
Retrieved 2021-04-22
CISA Identifies SUPERNOVA Malware During Incident Response (CISA)
Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds
US agencies assess Pulse Secure VPN exploitation. New Sunburst infestation found. Facebook shuts down Palestinian spy groups.
cyber.dhs.gov - Emergency Directive 21-03: Pulse Secure
Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion
CISA Discovers Advanced Malware In VPN Device (Potomac Officers Club)
CISA Finds New Attacker Using Supernova Malware on SolarWinds Orion (Decipher)
Researchers Find New Chunk of SolarWinds Attackers' Infrastructure (Decipher)
Supernova Malware Actors Masqueraded as Remote ...
New analysis uncovers extensive SolarWinds attack infrastructure (TechRadar)
Researchers Find Additional Infrastructure Used By SolarWinds Hackers
Retrieved 2021-04-20
Feds Find More Malware Tied to SolarWinds Supply Chain Compromise
More SolarWinds command and control hacking servers found (iTnews)
Retrieved 2021-04-18
Samir on Twitter: "if you see an instance of dwDrvInst.exe (unsigned by Solarwinds) running with cmdline like "smartcard -install" that could be a sign of successful RCE exploitation of CVE-2019-3980 https://t.co/FyZvQ2IYVj https://t.co/8OIarbbqeQ" (Twitter)
Retrieved 2021-04-17
NSA: 5 Security Bugs Under Active Nation-State Cyberattack (tpost)
CISA Ties SUPERNOVA Malware to Pulse Secure, SolarWinds Exploits
Retrieved 2021-04-16
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks (Homeland Security Today)
Russian SVR Targets U.S. and Allied Networks
White House: Russians Behind SolarWinds and 5 More Technology Attacks
Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (Krebs on Security)
Snort Blog: Snort rule update for April 15, 2021
Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? (secblvd)
VirusTotal Community profile for CYBERCOM_Malware_Alert (VirusTotal)
Russian SVR blamed for SolarWinds supply chain compromise, cyber espionage action (Industrial Cyber)
Retrieved 2021-04-15
U.S. Agencies: Russian SolarWinds Hackers Leveraging Five Older Vulnerabilities (My TechDecisions)
Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks (National Security Agency / Central Security Service)
US Cyber Command, DHS-CISA release Russian malware samples tied to SolarWinds compromise (U.S. Cyber Command News)
MAR-10327841-1.v1 – SUNSHUTTLE (CISA)
CISA and CNMF Analysis of SolarWinds-related Malware
Retrieved 2021-04-05
Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters (Check Point Software)
Retrieved 2021-04-01
USA to publish detailed analysis of SolarWinds hacking tools
Retrieved 2021-03-31
What We Know (and Don't Know) So Far About the ...
US to publish details on suspected Russian hacking tools used in SolarWinds espionage
Retrieved 2021-03-28
SolarWinds speaks out, and software dev can never be the same again (iTWire)
Retrieved 2021-03-26
SolarWinds Experimenting With New Software Build ... (Go Decrypt)
Raindrop Loader delivers Cobalt Strike; SolarWinds - AlienVault (Open Threat Exchange)
Retrieved 2021-03-25
New Code Execution Flaws In Solarwinds Orion Platform (SecurityWeek.Com)
Retrieved 2021-03-22
Three Vulnerabilities Exposed During SolarWinds Attack & How It Could Have Been Prevented (CPO Magazine)
SilverFish: Swiss researchers identify threat actor with links to SolarWinds hack
Retrieved 2021-03-19
Did you get burned by the SolarWinds attack? US Releases Tools for Post-Infringement Detection (Texas News Today)
SolarWinds explainer
Retrieved 2021-03-18
SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests (ZDNet)
Retrieved 2021-03-17
SilverFish Group Threat Actor Report
Retrieved 2021-03-14
SolarWinds, SUNBURST, and supply chain security.
Retrieved 2021-03-11
Be on the Lookout: Impact of SolarWinds Orion Compromise on
There is Still More to SolarWinds Attack (Cyware Alerts - Hacker News)
Microsoft Probing Whether Leak Played Role in Suspected Chinese Hack (WSJ)
Retrieved 2021-03-10
Chinese suspected of two attacks on internet-facing SolarWinds server
Security researchers discover Supernova web shell activity linked to Chinese hackers | 2021-03-10 (Security Magazine)
Chinese hackers presumably behind SolarWinds hack new evidence revealed (Secure Blink)
Retrieved 2021-03-09
SolarWinds Sunburst backdoor supply chain attack: Why it still matters (ITP.net)
More clues appear to link Supernova web shell activity to Chinese hackers (TechRadar)
Researchers Describe a Second, Separate SolarWinds Attack
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
FireEye and Microsoft Uncover More Malware Strains Used in SolarWinds Hack (Toolbox Security)
Retrieved 2021-03-08
GoldMax, GoldFinder, and Sibot, are the 3 new Malwares Used by SolarWinds Hackers (IT Security News)
Security report: Lessons learned investigating the SUNBURST software supply chain attack (ITWeb)
Researchers Identify More Malware Used By SolarWinds Hack Group
Supernova malware clues link Chinese threat group Spiral to SolarWinds server hacks (ZDNet)
Chinese hackers targeted SolarWinds customers in parallel with Russian op (ars)
Hackers hiding Supernova malware in SolarWinds Orion linked to China
More clues appear to link Supernova web shell activity to Chinese hackers (TechRadar)
SolarWinds just keeps getting worse: New strain of backdoor malware found in probe (Register)
Retrieved 2021-03-07
Microsoft: We’ve found three more pieces of malware used by the SolarWinds attackers (Bestgamingpro)
Retrieved 2021-03-06
Second-stage backdoor possibly linked to Solorigate campaign. Hafnium exploits Exchange Server vulnerabilities.
GoldMax, GoldFinder, and Sibot, 3 new malware used by SolarWinds attackers (IT Security News)
Microsoft Reveals 3 New Malware Variants Relating to SolarWinds Cyberattack
Microsoft: We've found three more pieces of malware used by the SolarWinds attackers (ZDNet - PressboltNews)
Retrieved 2021-03-05
Microsoft Drops 'Solorigate' for 'Nobelium' in Ongoing SolarWinds Attack Investigations (Redmondmag.com)
Microsoft discovers more malware used by SolarWinds attacker while FireEye finds new backdoor (IT World Canada News)
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Three New Malware Strains Linked to SolarWinds Hackers (TerabitWeb Blog)
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers (WP Guy News)
Microsoft shares details on three new malware strains used in SolarWinds hack
Second-stage backdoor in SolarWinds compromise victim. Exchange Server exploitation. RedEcho as staging. Leaky clouds.
SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis (Cybersecurity Insiders)
Retrieved 2021-03-04
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 (fireeye)
Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers (tpost)
Researchers Disclose More Malware Used in SolarWinds Attack
Microsoft, FireEye Uncover More Malware Used in the ...
Microsoft: We've found three more pieces of malware used by the SolarWinds attackers (ZDNet)
CYBERCOM Plays ‘Key Role’ As SolarWinds Unfolds: Gen. Nakasone (Breaking Defense)
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 (Mandiant)
FireEye finds new malware likely linked to SolarWinds hackers - AlienVault (Open Threat Exchange)
Retrieved 2021-03-02
What happened at SolarWinds? - sunburst in action! (Stinet)
Retrieved 2021-03-01
SolarWinds attack – What is Known and How to Stay Protected (Check Point Software)
Retrieved 2021-02-25
Microsoft Releases Free Tool for Hunting SolarWinds ...
Microsoft failed to shore up defenses that could have limited SolarWinds hack: U.S. senator | Y100 WNCY | Your Home For Country & Fun (Green Bay, WI)
SolarWinds Update: Russian Threat-Actor Re-Used Components from Other
Retrieved 2021-02-22
Anatomy of the SolarWinds Attack: Five Types of Malware (Blumira)
Retrieved 2021-02-17
Targeting Process for the SolarWinds Backdoor (NETRESEC Blog)
Retrieved 2021-02-12
On SolarWinds, Supply Chains and Enterprise Networks
Retrieved 2021-02-11
Zero Day Initiative — Three More Bugs in Orion’s Belt
Software supply chain attacks – everything you need to know (The Daily Swig)
Symantec Enterprise Podcasts
Retrieved 2021-02-10
VirusTotal
Retrieved 2021-02-08
MAR-10318845-1.v1 - SUNBURST (CISA)
VirusTotal
Retrieved 2021-02-03
3 New Severe Security Vulnerabilities Found In SolarWinds Software
Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities (Trustwave)
More SolarWinds News (Schneier)
More exploitable flaws found in SolarWinds software, says cybersecurity firm
Second SolarWinds Attack Group Breaks into USDA Payroll — Report (tpost)
More SolarWinds News (secblvd)
Retrieved 2021-01-22
New malware uncovered by experts examining SolarWinds strike Blog (Galaxkey)
Retrieved 2021-01-21
Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor
Microsoft: This is how the sneaky SolarWinds hackers hid their onward attacks for so long (ZDNet)
Here's How SolarWinds Hackers Stayed Undetected for Long Enough
Retrieved 2021-01-20
Microsoft Releases New Info on SolarWinds Attack Chain
Retrieved 2021-01-19
A New SolarWinds Malware Strain Is Discovered
Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
Fourth malware strain discovered in SolarWinds incident (ZDNet)
Retrieved 2021-01-18
Raindrop: New Malware Discovered in SolarWinds Investigation (Symantec Blogs)
Retrieved 2021-01-14
SolarWinds Cyber-Attack Affects Developers and Contractors
Retrieved 2021-01-13
Sunspot malware scoured servers for SolarWinds builds to trojanize them
Retrieved 2021-01-12
Cyberespionage campaign hits Colombia. New malware found in the SolarWinds incident. Mimecast certificates compromised. Ubiquiti tells users to reset passwords. Two wins for the good guys.
Third malware strain discovered in SolarWinds supply chain attack (ZDNet)
SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there (The Register)
Retrieved 2021-01-11
SUNSPOT Malware: A Technical Analysis (CrowdStrike)
Sunburst backdoor – code overlaps with Kazuar (Securelist)
SolarWinds Hack Potentially Linked to Turla APT (tpost)
Retrieved 2021-01-09
SolarWinds Malware Arsenal Widens with Raindrop (tpost)
Retrieved 2021-01-07
SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar (Symantec Blogs)
Retrieved 2021-01-06
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking (nyt)
Retrieved 2020-12-24
SUNBURST Additional Technical Details (fireeye)
Retrieved 2020-12-23
SolarWinds roundup: Fixes, new bad actors, and what the company knew (Network World)
Retrieved 2020-12-21
Microsoft: A 2nd Group May Have Also Breached SolarWinds
VMware Issues Updated Statement on SolarWinds Supply Chain Compromise and CVE-2020-4006
Retrieved 2020-12-18
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers (MS Security)
SolarWinds SUNBURST Backdoor: Inside the APT Campaign (SentinelLabs)
VMware Issues Statement on SolarWinds Supply Chain Compromise and CVE-2020-4006
Retrieved 2020-12-15
fireeye/sunburst_countermeasures (GitHub)
Retrieved 2020-12-14
Russian hack’s sophistication impresses even the experts (wapo)
SolarWinds Orion vulnerability being actively exploited - updated advisory (CERT NZ)
Retrieved 2020-12-08
red_team_tool_countermeasures/CVEs_red_team_tools.md at master · fireeye/red_team_tool_countermeasures (GitHub)
Retrieved 2020-06-28
Solarwinds : Security vulnerabilities