Skip to main content

Posts

Showing posts with the label orion

What is SolarWinds Orion and why should I care that it was hacked?

Full disclosure: I've been employed by several companies that were customers and/or vendors of SolarWinds. However, I have never been employed by SolarWinds and I was not compensated for this post. On December 13th, digital security firm FireEye published a post to their blog with the comprehensive title " Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor ". The post identified a digitally-signed component of the Orion software, SolarWinds.Orion.Core.BusinessLayer.dll, that contained a backdoor. Multiple signed updates contained additional malware. Traffic from infected hosts was disguised using traffic resembling normal SolarWinds activity and avoided using IPs that were part of non-U.S. netblocks or assignments registered to "bullet proof" hosts that are frequented by criminals. Orion's compromised distribution platform was then leveraged to infect a wide variety of organizations. Accordi