The Securonix Threat Research (STR) team has been actively investigating the critical ongoing SolarWinds Orion/SUNBURST supply chain attacks (monitored by STR as ECLIPSER) with some of the recent victims being one of the leading security vendors as well as a number of US government entities and other victims targeted as part of attacks involving the compromised SolarWind Orion IT software.
In this paper is a summary of what we currently know about the high-profile SolarWinds Orion/ECLIPSER attacks and our recommendations on some possible Securonix predictive indicators/security analytics to increase your chances of detecting the current/future variants of the attacks involving the stolen tools as well as leveraging some of the known and unknown associated attack vectors/CVEs.