Since the cyberattack on our customers and SolarWinds, we have been working around the clock to support our customers. As we shared in our recent update, we are partnering with multiple industry-leading cybersecurity experts to strengthen our systems, further enhance our product development processes, and adapt the ways that we deliver powerful, affordable, and secure solutions to our customers.

We are working with our counsel, DLA Piper, CrowdStrike, KPMG, and other industry experts to perform our root cause analysis of the attack. As part of that analysis, we are examining how the SUNBURST malicious code was inserted into our Orion Platform software and, once inserted, how the code operated and remained undetected. Today we are providing an update on the investigation thus far and an important development we believe brings us closer to understanding how this serious attack was carried out. We believe we have found a highly sophisticated and novel malicious code injection source the perpetrators used to insert the SUNBURST malicious code into builds of our Orion Platform software. We recognize the software development and build process used by SolarWinds is common throughout the software industry, so we believe that sharing this information openly will help the industry guard against similar attacks in the future and create safer environments for customers. The security of our customers and our commitment to transparency continue to guide our work in these areas and going forward.

Highly sophisticated and complex malware designed to circumvent threat detection

As we and industry experts have noted previously, the SUNBURST attack appears to be one of the most complex and sophisticated cyberattacks in history. The U.S. government and many private-sector experts have stated the belief that a foreign nation-state conducted this intrusive operation as part of a widespread attack against America's cyberinfrastructure. To date, our investigations have not independently verified the identity of the perpetrators.

Analysis suggests that by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by SolarWinds, other private companies, and the federal government. The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer's IT environment. If exploited, the perpetrators then had to avoid firewalls and other security controls within the customer's environment.

KPMG and CrowdStrike, working together with the SolarWinds team, have been able to locate the malicious code injection source. We have reverse-engineered the code responsible for the attack, enabling us to learn more about the tool that was developed and deployed into the build environment. This highly sophisticated and novel code was designed to inject the SUNBURST malicious code into the SolarWinds Orion Platform without arousing the suspicion of our software development and build teams.

As we discussed in our previous post, we hope that this event ushers in a new level of collaboration and information sharing within the technology industry to address and prevent similar attacks in the future. We encourage everyone to visit this blog post, authored by the CrowdStrike team, which provides additional details about these findings and other technical aspects of this attack, and contains valuable information intended to help the industry better understand attacks of this nature. Our concern is that right now similar processes may exist in software development environments at other companies throughout the world. The severity and complexity of this attack have taught us that more effectively combatting similar attacks in the future will require an industry-wide approach as well as public-private partnerships that leverage the skills, insight, knowledge, and resources of all constituents. We are actively working with law enforcement, the intelligence community, governments, and industry colleagues in our and their investigations. We want to be a part of that solution, which is why we are sharing this information with the broader community, and we will continue to share progress as we assimilate this information into our go-forward practices.