Threats from the Wild - Episode 1: Detecting Future Variants of Sunburst

The SolarWinds/SUPERNOVA attack targeted the National Financial Center (NFC), an agency inside the U.S. Department of Agriculture that reportedly handles payroll for several government organizations, including the State Department, FBI, Treasury Department, and the DHS.

Today, we continue to see new variants of this attack used to evade publicly available detection techniques.

In this session, Oleg Kolesnikov will discuss the attack vectors and highlight techniques and recommendations to protect against future variants of the attack, including:

– A demonstration of the original SUPERNOVA implant in action.

– A modified variant of the SUPERNOVA implant that can evade some of the public detection approaches.

– What the SolarWinds/SUPERNOVA attack might look like in your logs.

– How to increase the chances of detecting this attack and its future variants in your environment.