Threat Brief: SolarStorm and SUNBURST Customer Coverage

Category: Unit 42

Conclusion

The protections in place for our customers are continually being updated for this threat activity and for all threats identified in the wild. Unit 42 researchers are working to ensure protections are in place across our entire product ecosystem.

While Palo Alto Networks has deployed countermeasures to help protect customers, organizations that use SolarWinds can take some additional safeguards of their own:

  • Identify every SolarWinds server in your organization, isolate those hosts from the rest of the network, and block their internet-facing traffic.
  • Search network and endpoint logs for indicators of the SUNBURST, TEARDROP and BEACON malware (the domains and file hashes in the Indicators of Compromise section below are a starting point).
  • Evaluate SolarWinds' guidance on future system updates, linked in the Additional Resources section.
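One way to carry out the second step, as an added example that is not code from the original Unit 42 post: sweep DNS log lines and an endpoint file-hash inventory against the domains and SHA-256 hashes listed in this brief's IOC section. The log line layout (`client=... query=...`), the client field and the file paths are assumed formats constructed for illustration, not real telemetry; the IOC values themselves are the ones published below. Domains are matched on label boundaries, so a lookalike such as `notdeftsecurity.com` does not produce a false hit, and digests are lowercased and validated before lookup.

```python
"""IOC sweep for the SUNBURST indicators listed in this brief.
Added example, not part of the original post. Log format and file
paths are constructed assumptions; the IOC values are from the brief."""
import re
from typing import Iterable, List, Optional, Tuple

# Domains as published in the brief (defanged with "[.]").
IOC_DOMAINS_DEFANGED = [
    "freescanonline[.]com", "deftsecurity[.]com", "thedoccloud[.]com",
    "websitetheme[.]com", "highdatabase[.]com", "incomeupdate[.]com",
    "databasegalore[.]com", "panhardware[.]com", "zupertech[.]com",
    "Virtualwebdata[.]com", "virtualdataserver[.]com", "digitalcollege[.]org",
    "lcomputers[.]com", "webcodez[.]com", "globalnetworkissues[.]com",
    "kubecloud[.]com", "seobundlekit[.]com", "solartrackingsystem[.]net",
]

# SHA-256 hashes as published in the brief.
IOC_SHA256 = {
    "a7240d8a7aee872c08b915a58976a1ddee2ff5a8a679f78ec1c7cf528f40deed",
    "5fabe36fb1da700a1c418e184c2e5332fe2f8c575c6148bdac360f69f91be6c2",
    "e9e646a9dba31a8e3debf4202ed34b0b22c483f1aca75ffa43e684cb417837fa",
    "b9cf6fbde82839e15413595a50aeb1044a8f4e3be180c42436e11675c22cf914",
    "02f47b88caa73d607d820d258cd9f167ed266af99a62e10c9220a7e0228cf53e",
    "c0fc006ffa92d0111197f8e3a1d2ba06a326eddc3d0b28111727df8e52805cf8",
    "b05640e8f35761435e3cf22524136808a891304f10ec9f354eb9decc43cb617e",
    "32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77",
    "ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6",
    "019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134",
    "ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c",
    "c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71",
    "6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d",
    "118189f90da3788362fe85eafa555298423e21ec37f147f3bf88c61d4cd46c51",
}


def refang(indicator: str) -> str:
    """Undo "[.]" defanging, lowercase, and strip a trailing dot."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")


IOC_DOMAINS = {refang(d) for d in IOC_DOMAINS_DEFANGED}


def matching_ioc_domain(hostname: str) -> Optional[str]:
    """Return the IOC domain that hostname equals or is a subdomain of.
    Matches on label boundaries, so "notdeftsecurity.com" is not a hit."""
    host = refang(hostname)
    for d in IOC_DOMAINS:
        if host == d or host.endswith("." + d):
            return d
    return None


# Assumed (constructed) log layout: "<ts> dns client=<ip> query=<name> type=<rr>"
DNS_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def sweep_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(client, queried name, matched IOC domain) for each line hitting an IOC."""
    hits = []
    for line in lines:
        m = DNS_RE.search(line)
        if not m:
            continue
        ioc = matching_ioc_domain(m.group("query"))
        if ioc:
            hits.append((m.group("client"), m.group("query"), ioc))
    return hits


def sweep_file_hashes(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """(path, sha256) for rows whose digest is in the brief's hash list.
    Digests are lowercased and validated as 64 hex chars before lookup."""
    hits = []
    for path, digest in inventory:
        h = digest.strip().lower()
        if re.fullmatch(r"[0-9a-f]{64}", h) and h in IOC_SHA256:
            hits.append((path, h))
    return hits


# Constructed sample telemetry so the script runs stand-alone.
SAMPLE_DNS_LOG = [
    "2020-12-14T03:12:07Z dns client=10.1.20.7 query=update.Virtualwebdata.com. type=A",
    "2020-12-14T03:12:09Z dns client=10.1.20.9 query=www.example.com type=A",
    "2020-12-14T03:13:41Z dns client=10.1.20.7 query=deftsecurity.com type=A",
    "2020-12-14T03:14:02Z dns client=10.1.20.11 query=notdeftsecurity.com type=A",
]
SAMPLE_FILE_INVENTORY = [
    # constructed path; uppercase digest exercises normalisation
    ("C:\\Temp\\unknown.dll",
     "32519B85C0B422E4656DE6E6C41878E95FD95026267DAAB4215EE59C107D6C77"),
    # constructed placeholder digest that must not match
    ("C:\\Windows\\System32\\kernel32.dll", "0" * 64),
]

if __name__ == "__main__":
    for client, name, ioc in sweep_dns_log(SAMPLE_DNS_LOG):
        print(f"DNS hit: {client} queried {name} (IOC {ioc})")
    for path, h in sweep_file_hashes(SAMPLE_FILE_INVENTORY):
        print(f"Hash hit: {path} {h}")
```

In practice the two sample lists would be replaced by the organization's own DNS or proxy logs and a file-hash export from the endpoint agent; the matching functions are unchanged.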

There has been extensive press coverage of this event, with several sources, including SolarWinds, releasing information. A selection of key references is listed in the section below.

Appendix

Additional Resources

Indicators of Compromise (IOCs)

freescanonline[.]com

deftsecurity[.]com

thedoccloud[.]com

websitetheme[.]com

highdatabase[.]com

incomeupdate[.]com

databasegalore[.]com

panhardware[.]com

zupertech[.]com

virtualwebdata[.]com

virtualdataserver[.]com

digitalcollege[.]org

lcomputers[.]com

webcodez[.]com

globalnetworkissues[.]com

kubecloud[.]com

seobundlekit[.]com

solartrackingsystem[.]net

a7240d8a7aee872c08b915a58976a1ddee2ff5a8a679f78ec1c7cf528f40deed

5fabe36fb1da700a1c418e184c2e5332fe2f8c575c6148bdac360f69f91be6c2

e9e646a9dba31a8e3debf4202ed34b0b22c483f1aca75ffa43e684cb417837fa

b9cf6fbde82839e15413595a50aeb1044a8f4e3be180c42436e11675c22cf914

02f47b88caa73d607d820d258cd9f167ed266af99a62e10c9220a7e0228cf53e

c0fc006ffa92d0111197f8e3a1d2ba06a326eddc3d0b28111727df8e52805cf8

b05640e8f35761435e3cf22524136808a891304f10ec9f354eb9decc43cb617e

32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77

ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6

019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134

ac1b2b89e60707a20e9eb1ca480bc3410ead40643b386d624c5d21b47c02917c

c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71

6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d

118189f90da3788362fe85eafa555298423e21ec37f147f3bf88c61d4cd46c51

Updated Jan. 15, 2021, at 4:45 p.m. PT.