Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks

Download

The Securonix Threat Research (STR) team has been actively investigating the critical ongoing SolarWinds Orion/SUNBURST supply chain attacks (monitored by STR as ECLIPSER) with some of the recent victims being one of the leading security vendors as well as a number of US government entities and other victims targeted as part of attacks involving the compromised SolarWind Orion IT software.

In this paper is a summary of what we currently know about the high-profile SolarWinds Orion/ECLIPSER attacks and our recommendations on some possible Securonix predictive indicators/security analytics to increase your chances of detecting the current/future variants of the attacks involving the stolen tools as well as leveraging some of the known and unknown associated attack vectors/CVEs.

Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors...
2023 Threat Landscape Retrospective
Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers...
Securonix Threat Research Security Advisory: Analysis of Ongoing...