{"id":115282,"date":"2020-12-16T08:48:26","date_gmt":"2020-12-16T16:48:26","guid":{"rendered":"\/blogs\/?p=115282"},"modified":"2024-06-25T22:54:49","modified_gmt":"2024-06-26T05:54:49","slug":"sunburst-malware-and-solarwinds-supply-chain-compromise","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/","title":{"rendered":"SUNBURST Malware and SolarWinds Supply Chain Compromise"},"content":{"rendered":"<p><em>Part I of II<\/em><\/p>\n<h2>Situation<\/h2>\n<p>In a <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html\" target=\"_blank\" rel=\"noopener noreferrer\">blog post released 13 Dec 2020, FireEye disclosed<\/a> that threat actors compromised SolarWinds\u2019s Orion IT monitoring and management software with a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file delivers the SUNBURST malware through a backdoor as part of a digitally-signed Windows Installer Patch. Use of a Compromised Software Supply Chain (T1195.002) as an Initial Access technique is particularly critical as it can go undetected for a long period. FireEye released <a href=\"https:\/\/github.com\/fireeye\/sunburst_countermeasures\" target=\"_blank\" rel=\"noopener noreferrer\">countermeasures<\/a> that can identify the SUNBURST malware.<\/p>\n<p>If you are using SolarWinds software, please refer to the company\u2019s guidance <a href=\"https:\/\/www.solarwinds.com\/securityadvisory\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> to check for vulnerable versions and patch information. McAfee has evaluated the published countermeasures and will continue to analyze further attack indicators. 
It\u2019s important to note that this was a very sophisticated attack and customers are advised to <a href=\"https:\/\/www.mcafee.com\/en-us\/antivirus\/mcafee-security-scan-plus.html\">assess their overall security architecture<\/a> capability to prevent, detect or respond to an APT threat. This attack reminds us that in today\u2019s digital enterprise the supply chain includes many diverse elements, including but not limited to critical equipment and hardware, cloud software and infrastructure-as-a-service providers, and critical IT software. Customers are advised to assess both intellectual property protection and supply chain integrity strategies. Part one of this blog series details initial McAfee defensive guidance and response actions. Part two will describe additional mitigation and solution recommendations.<\/p>\n<h2>Protection Summary<\/h2>\n<p>For the latest information on McAfee see <a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=KB93861\" target=\"_blank\" rel=\"noopener noreferrer\">KB93861<\/a> and subscribe to receive updates. Below is the protection summary to date for the known backdoor indicators:<\/p>\n<ul>\n<li>GTI Cloud and the latest DAT have coverage for known indicators and C2 domains for the backdoor<\/li>\n<li>McAfee Web Gateway can block known C2 domains<\/li>\n<li>McAfee is continuing to review other detection approaches, including Real Protect and Endpoint Detection and Response<\/li>\n<li>McAfee Advanced Threat Researchers continue to hunt for new indicators. 
Intelligence updates will be made available in MVISION Insights<\/li>\n<li>Signatures are available for Network Security Platform to detect network indicators of compromise<\/li>\n<\/ul>\n<p>McAfee Labs will continue analysis for any known indicators associated with this attack and update product protection accordingly. Furthermore, work is underway to analyse the behavioural components of the campaign and ensure product efficacy considers protection beyond static measures such as signatures.<\/p>\n<h2>Threat Intelligence Summary<\/h2>\n<p><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/insights-preview.html\" target=\"_blank\" rel=\"noopener noreferrer\">MVISION Insights<\/a> is tracking the campaign as <u>SolarWinds Supply Chain Attack Affecting Multiple Global Victims with SUNBURST Backdoor<\/u>. Customers can view the <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/insights-preview.html\">public version<\/a> of MVISION Insights for the latest attack details, prevalence, techniques used and indicators of compromise.<\/p>\n<p>Insights provides the indicators used by SUNBURST. The indicators will continue to update based on automated collection and human analysis. You can use the indicators to hunt on your network. Note: This will be updated as new indicators are verified.<\/p>\n<p>Insights outlines the MITRE ATT&amp;CK techniques used by SUNBURST. You can use the MITRE ATT&amp;CK framework to assess defensive capability across your security architecture.<\/p>\n<h2>Hunting for the Backdoor Indicators<\/h2>\n<p>One of the first response actions should be to hunt for known indicators of the attack. You can use MVISION EDR or MAR to search endpoints for SUNBURST backdoor indicators as provided by Microsoft and FireEye. See the search syntax below. If you are licensed for MVISION Insights this query will take place automatically. 
Additional defensive guidance will be published in an upcoming blog.<\/p>\n<p>Begin MVEDR Query Syntax\u2026<\/p>\n<p>Files name, full_name, md5, sha256, created_at, create_user_name, create_user_domain and HostInfo hostname, ip_address, os and LoggedInUsers username, userdomain where Files sha256 equals \"ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c\" or Files sha256 equals \"c09040d35630d75dfef0f804f320f8b3d16a481071076918e9b236a321c1ea77\" or Files sha256 equals \"eb6fab5a2964c5817fb239a7a5079cabca0a00464fb3e07155f28b0a57a2c0ed\" or Files sha256 equals \"dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b\" or Files sha256 equals \"32519685c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77\" or Files sha256 equals \"d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600\" or Files sha256 equals \"53f8dfc65169ccda021b72a62e0c22a4db7c4077f002fa742717d41b3c40f2c7\" or Files sha256 equals \"019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134\" or Files sha256 equals \"ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6\" or Files sha256 equals \"32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77\" or Files sha256 equals \"292327e5c94afa352cc5a02ca273df543f2020d0e76368ff96c84f4e90778712\" or Files sha256 equals \"c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71\"<\/p>\n<p>&#8230;End MVEDR Query Syntax<\/p>\n<p>You should also search McAfee Web Gateway logs (or other network and SIEM logs) for communication to command and control domains or IP addresses, particularly those categorized as \u201cMalicious Sites\u201d below. 
Continue to check MVISION Insights for new domains and URLs.<strong>\u00a0<\/strong><\/p>\n<h2>What\u2019s Next<\/h2>\n<p>It\u2019s important to note that ongoing analysis will be critical to understand how the attackers will adapt and what additional mitigation is required. This will be a continuous process and we expect to add multiple updates to <a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=KB93861\" target=\"_blank\" rel=\"noopener noreferrer\">KB93861<\/a>. Additionally, customers should follow <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Labs<\/a> posts, check <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/insights-preview.html\" target=\"_blank\" rel=\"noopener noreferrer\">Insights Public<\/a> Dashboard for latest threat intelligence, and continually check the <a href=\"https:\/\/support.mcafee.com\/webcenter\/portal\/supportportal\/pages_knowledgecenter?startover=true&amp;pageTemplate=null\" target=\"_blank\" rel=\"noopener noreferrer\">Knowledge Center<\/a> for latest product guidance. Part two of this blog will cover defensive capabilities and controls in more depth.<\/p>\n<h2>Additional McAfee Threat Intel Resources<\/h2>\n<h3><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/insights-preview.html\" target=\"_blank\" rel=\"noopener noreferrer\">Insights Trending Campaigns<\/a><\/h3>\n<p>Every week Insights Preview highlights the top emerging threats and campaigns based on ATR Operational Intelligence collection and analysis.<\/p>\n<h3><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/covid-19-dashboard.html\" target=\"_blank\" rel=\"noopener noreferrer\">Atlas Dashboard<\/a><\/h3>\n<p>Follow the latest COVID Threat statistics on the public Atlas Dashboard. 
\u00a0For more information about how a customer can utilize Atlas and Intelligence as a Service from APG, speak to your McAfee Account Manager for a Threat Intel Briefing and Workshop.<\/p>\n<h3><a href=\"https:\/\/www.mcafee.com\/enterprise\/ko-kr\/threat-center\/mcafee-labs\/reports.html\" target=\"_blank\" rel=\"noopener noreferrer\">Threat Research<\/a><\/h3>\n<p>McAfee Labs and Advanced Threat Research teams produce regular research reports with the latest threat intelligence statistics and trends. Please share the reports with customers.<\/p>\n<h3><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Threat Intelligence Blogs<\/a><\/h3>\n<p>Review and Share our external blogs that feature deeper malware analysis and explanations on emerging threats and attack campaigns.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds\u2019s&#8230;<\/p>\n","protected":false},"author":787,"featured_media":93271,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4601],"class_list":["post-115282","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SUNBURST Malware and SolarWinds Supply Chain Compromise | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds\u2019s Orion IT monitoring and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" 
content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SUNBURST Malware and SolarWinds Supply Chain Compromise | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds\u2019s Orion IT monitoring and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-16T16:48:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-26T05:54:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/12\/Cyber-security-concept-circuit-board-with-Closed-Padlock.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1365\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mo Cashman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mo Cashman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/\"},\"author\":{\"name\":\"Mo Cashman\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c9878f38cb73f700507b2718693e0816\"},\"headline\":\"SUNBURST Malware and SolarWinds Supply Chain Compromise\",\"datePublished\":\"2020-12-16T16:48:26+00:00\",\"dateModified\":\"2024-06-26T05:54:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/\"},\"wordCount\":1064,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/12\/Cyber-security-concept-circuit-board-with-Closed-Padlock.jpg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/\",\"name\":\"SUNBURST Malware and SolarWinds Supply Chain Compromise | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/12\/Cyber-security-concept-circuit-board-with-Closed-Padlock.jpg\",\"datePublished\":\"2020-12-16T16:48:26+00:00\",\"dateModified\":\"2024-06-26T05:54:49+00:00\",\"description\":\"Part I of II Situation In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds\u2019s Orion IT monitoring and\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/12\/Cyber-security-concept-circuit-board-with-Closed-Padlock.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2018\/12\/Cyber-security-concept-circuit-board-with-Closed-Padlock.jpg\",\"width\":2048,\"height\":1365},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/sunburst-malware-and-solarwinds-supply-chain-compromise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\
",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"SUNBURST Malware and SolarWinds Supply Chain Compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c9878f38cb73f700507b2718693e0816\",\"name\":\"Mo 
Cashman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/e9035a01a4599145df1d1d64135a5bd9\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/4-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/4-96x96.png\",\"caption\":\"Mo Cashman\"},\"description\":\"Mo Cashman is one of the company\u2019s passionate leaders in cyber security. As an Enterprise Security Architect and Principal Engineer at McAfee, Mo advises our largest global customers and partners on their cyber threat management and data protection strategies for the digital enterprise. Mo\u2019s passion is to inspire our next generation security professionals as well as help customers architect for future resilience. With that passion and over 20 years of experience, Mo leads our Security Architect and Executive Briefing Center programs in EMEA, where we host hundreds of customers each year. In previous roles at the company, Mo was the Chief Technical Strategist for the Global Public Sector and just prior to joining the company, lead Computer Security Incident Response and Threat Intelligence Teams investigating and responding to sophisticated cyber threats across the world.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mo-cashman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/115282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/787"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=115282"}],"version-history":[{"count":6,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/115282\/revisions"}],"predecessor-version":[{"id":195312,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/115282\/revisions\/195312"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/93271"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=115282"}],"wp:term":[{"taxonomy":"category","embeddable":true,
"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=115282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=115282"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=115282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}