3/4/2023 0 Comments Jetbrains teamcity solarwindsExtensive use of the FNV-1a hashing algorithm to obfuscate malicious code.Īlthough most authorities have named SolarWinds software as the initial way hackers gained access to all of these servers, the New York Times recently reported that investigators are examining the role another software, JetBrains, may have played. The algorithm they used to make the malware “sleep” on the infected network (aka a delayed reaction, which is a common ploy for APTs).The algorithm they used to generate the unique victim identifiers.Kaspersky Labs researchers pointed to three (at least) similarities they found between Sunburst and Kuzuar: Security experts have given the malware that breached SolarWinds Orion the name Sunburst (har dee har har), and on Monday, researchers at Kaspersky Labs reported that Sunbursts’s code was “curiously” similar Kuzuar, a piece of malware that first came to light in 2017 and has links to Turla, one of the world’s most advanced hacking groups, whose members speak fluent Russian. Digital forensics appear to point specifically to APT29, also known as CozyBear, a hacking team with ties to the Russian government. While at first, experts were tentative to name Russia as the source of the attack (opting instead for the generic “nation state”), security researchers have since found it more than likely that the attack came from Russia. The biggest question that is ringing in everyone’s mind is “ who did this?” Leave it to 2020 to ruin both solar and winds in one fell swoop. government.Īs the story continues to unfold, information about the SolarWinds hack is slowly dribbling out, and we are getting an incrementally clearer picture of the implications of this attack. Subsequently, it was determined that FireEye’s compromise was actually part of a much larger hack of the cybersecurity company SolarWinds, specifically their IT performance software, Orion.Īs it turns out, SolarWinds Orion was being utilized by hundreds of high-profile companies (think Fortune 500, because most of them were), as well as large and important branches of, yes that’s right the U.S. FireEye’s offerings are often used in conjunction with Microsoft’s suite of products, and Microsoft confirmed the hack after FireEye announced it. In case you’ve been living under a rock (and really, who could blame you, after the year we’ve had?), here’s what you need to know: in late 2020, the cybersecurity company FireEye announced that it had been compromised through a supply-chain attack (for a fun explanation of what that is, refer back to the first part of this story). This article is the second part of an ongoing story relating to the FireEye and SolarWinds hack that took place in late 2020. Exclusive: Claim a 50% off on our cybervisibility assessment reports here.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |