FireEye has uncovered a malicious campaign that gains access to victims via trojanized updates to Orion, SolarWinds’ IT monitoring and management software.
While the fireworks are only visible to us now, the fuse for this malicious campaign was lit in March 2020. SUNBURST is the product of highly evolved cyber criminals, and it resulted in significant lateral movement and data theft.
Nationwide Damages
The malicious campaign that compromised just one piece of the SolarWinds IT toolkit potentially gained access to multiple entities nationwide, including government agencies, telecommunications companies, top accounting firms and big players from the private sector. Unfortunately, this still represents only a small fraction of SolarWinds’ extraordinarily broad customer base.
SUNBURST Backdoor: ‘update is available, click here to download’
In the spring of 2020, IT staff received a pop-up notification from a trusted, popular software provider to install a new update. With one click, around 18,000 customers across various government and private organizations downloaded the update, and with that the silent game began.
Little did they know that the new update came with a Trojan: secret malicious code that sat silently in their systems for a couple of weeks, just observing, while the victims carried on with their hard work oblivious to the threat. When the time was right, SUNBURST sprang into action inside thousands of computer networks in government, technology and telecom organisations across North America, Europe, Asia and the Middle East, opening the door for its creator to enter as well. According to the BBC, the damage is not yet known, but for months the professional cyber criminal team could spy on and keep stealing information from different organisations worldwide.
SUNBURST: It’s time to take an initiative
Attacks of this nature don’t just affect the infected organisations; they also deal a blow to the entire cyber-security space by undermining trust in our solutions and planting seeds of doubt in users’ minds.
At Binalyze, our core mission is to help our users and the DFIR community respond faster. As part of this mission, we have decided to give support to entities damaged by SUNBURST, and we hope that this initiative will be supported by other cyber security vendors and professionals.