Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks

Threat Research

The Securonix Threat Research (STR) team has been actively investigating the critical ongoing SolarWinds Orion/SUNBURST supply chain attacks (monitored by STR as ECLIPSER). Recent victims include one of the leading security vendors, a number of US government entities, and other victims targeted as part of attacks involving the compromised SolarWinds Orion IT software.

This paper summarizes what we currently know about the high-profile SolarWinds Orion/ECLIPSER attacks and gives our recommendations on some possible Securonix predictive indicators/security analytics to increase your chances of detecting current and future variants of the attacks, both those involving the stolen tools and those leveraging some of the known and unknown associated attack vectors/CVEs.