SafeBreach Hacker's Playbook Updated for US-CERT Active Exploitation of SolarWinds Software
SafeBreach Labs has updated the SafeBreach Hacker's Playbook™ with new attack methods for malware samples described in US-CERT Active Exploitation of SolarWinds Software, which addresses a widespread, sophisticated supply chain attack on SolarWinds Orion software.
The Russian state-sponsored attackers were able to deploy malware to U.S. Government agencies, as well as numerous public and private sector organizations in multiple countries, by breaching SolarWinds. The hackers stole the SolarWinds digital certificate, which opened the door for deploying malware across multiple entities.
The full extent of the attack is still being uncovered. If you have SolarWinds Orion software, it is imperative that you investigate to determine if your organization has been attacked. The updated SafeBreach playbook methods will help you assess the possibility of the attack and help you improve your security defenses to prevent attacks that leverage SUNBURST and SUPERNOVA malware campaigns.
Listen to the details of the attack from SafeBreach Labs’ Tomer Bar:
The new attack methods for US-CERT Active Exploitation of SolarWinds Software are already in the SafeBreach Hacker’s Playbook and ready to be run across your simulators. The Known Attack Series report is being updated so you can run the specific attacks from this US-CERT alert. From the Known Attack Series report, select the Campaign - SolarWinds Software Compromise and select Run Simulations, which will run all the attack methods.