Search Results

Security Operations

6 Best Practices for SecOps in the Wake of the Sunburst Threat Campaign

1. Attackers have a plan, with clear objectives and outcomes in mind. Do you have one? Clearly this was a motivated and patient adversary. They spent many months in the planning and execution of an attack that was not incredibly sophisticated in its tactics, but rather used multiple semi-novel attack ...

Security Operations

SOCwise Series: Practical Considerations on SUNBURST

This blog is part of our SOCwise series where we’ll be digging into all things related to SecOps from a practitioner’s point of view, helping us enable defenders to both build context and confidence in what they do.  Although there’s been a lot of chatter about supply chain attacks, we’re going to ...

Executive Perspectives

Why SolarWinds-SUNBURST is a Wake up Call

On December 13, 2020, FireEye announced that threat actors had compromised SolarWinds’s Orion IT monitoring and management software and used it to distribute a software backdoor to dozens of that company’s customers, including several high profile U.S. government agencies. Game Changing Attack Vector This campaign is the first major supply ...

McAfee Labs

Additional Analysis into the SUNBURST Backdoor

Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoCs associated with the Sunburst trojan, the focus within the Advanced Threat Research (ATR) team has been to determine the possibility of ...

McAfee Labs

SUNBURST Malware and SolarWinds Supply Chain Compromise

Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SoalrWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch. Use ...

McAfee Labs

A Year in Review: Threat Landscape for 2020

As we gratefully move forward into the year 2021, we have to recognise that 2020 was as tumultuous in the digital realm as it has in the physical world. From low level fraudsters leveraging the pandemic as a vehicle to trick victims into parting with money for non-existent PPE, to ...

McAfee Labs

2021 Threat Predictions Report

The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector – the supply chain – that will continue to be exploited. The ever-increasing use of connected devices, apps and web services in our homes will also make us more susceptible to ...

McAfee Labs

How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise

In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SoalrWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that ...

Subscribe to McAfee Securing Tomorrow Blogs