Q: SolarWinds published some information on how to detect the backdoor, but how can we be sure that the payload hasn't been updated once the attacker got access to the system?

A: If the threat actor accessed the system, then it is possible they made additional changes to the device, or moved laterally within the network to ensure persistent access. Currently there have been insufficient details published regarding what occurred at organizations that were affected by the second stage of the attack.
Q: If a company was breached with a vulnerable SolarWinds server, have there been any documented cases where the affected SolarWinds server uploaded a backdoor to the servers it was monitoring on the inside of the company’s network?

A: It is common for adversaries to move laterally within the network once they've breached an organization, which can involve installing additional backdoors or other means of persistent access beyond the initial SolarWinds device.
SolarWinds and its partners analyzing this compromise would have the most accurate knowledge of whether other versions of software are vulnerable to the same or different attacks.

Q: What about the other malware Microsoft found hints of when analyzing the compromised software? How can we make sure that other versions of SolarWinds' software haven't been targeted as well?

A: It is believed that the additional malware discovered by Microsoft is a separate incident to this supply chain attack that was also used to perform targeted attacks on companies.

Q: Are SolarWinds TFTP and SCP (tools available as free downloads) impacted?

A: It is believed that only the SolarWinds Orion platform was affected by this supply chain attack.

Q: Is the attack similar to NotPetya in 2017?

A: Yes, and recently we are finding that there are ties between the two.
The code got inserted on their build server, in their build process, as early as October 2019.

Q: Is there any information from SolarWinds on how they were initially compromised?

A: We don’t know, and as far as we have been tracking, they have not said.

The questions below were asked by real BitSight customers during a recent webinar surrounding the SolarWinds hack, and were answered by a BitSight team made up of Stephen Boyer, Co-Founder and CTO, Jake Olcott, VP of Communications and Government Affairs, and Dan Dahlberg, Director of Security Research.

The SolarWinds hack, discovered in late 2020 when FireEye announced it had been targeted through a third-party vulnerability, has now become one of the most widespread and impactful supply chain attacks in history.

As more information is gathered about where and when the SolarWinds hack originated and how security teams might have acted differently to prevent the hack, we asked our BitSight experts to answer some of your most pressing SolarWinds questions.