FireEye publishes information about the SolarWinds attack

This week, the cybersecurity firm FireEye released a
report detailing in depth the techniques used by the attackers
who compromised SolarWinds.

In addition to the report, FireEye researchers have
released a free tool on GitHub called Azure AD Investigator,
a tool that, according to the researchers, can help organizations
detect whether the SolarWinds attackers have used any of their techniques
within their networks.

Recall that the attack on SolarWinds was first disclosed
on 13 December 2020: a threat actor managed to gain
access to the network of the software vendor SolarWinds and trojanized
its Orion application with malware.

The malware injected into Orion was Sunburst, which collected
information about the infected organizations. Of the nearly 18,000 SolarWinds
customers who installed the trojanized version of Orion, only a small percentage
were selected by the attackers for follow-on activity; on those chosen targets
a second strain of malware, known as Teardrop, was deployed. Once a victim
was infected with this second strain, the attackers used various techniques
to escalate access within the target's on-premises network and into its
cloud resources, focusing mainly on breaching the victim's
Microsoft 365 infrastructure.

The report published by FireEye runs to 35
pages and describes in great detail and depth how these attackers
managed to breach their victims' infrastructures without being detected.
FireEye also states that, despite the level of sophistication and evasion employed
by the attackers, the techniques they used are detectable
and defensible. It notes that it was FireEye's ability to detect these techniques
on its own networks that led the company to investigate an internal
breach and subsequently uncover the SolarWinds incident.

In addition to the tool released by FireEye,
CrowdStrike has published the CrowdStrike Reporting Tool for Azure (CRT), while the US Cybersecurity
and Infrastructure Security Agency (CISA) has published Sparrow, two tools with similar goals:
detecting malicious activity in compromised networks.

