Emre TINAZTEPE
Thursday, 17 December 2020 / Published in Incident Response

SUNBURST Back Door knocking on the World’s Front Door

FireEye has uncovered a malicious campaign that gains access to victims via trojanized updates to Orion, SolarWinds’ IT monitoring and management software. 

While the fireworks are only visible to us now, the fuse for this malicious campaign was lit in March 2020. SUNBURST is the product of highly evolved cyber criminals, and it resulted in significant lateral movement and data theft.

Nationwide Damages 

The malicious campaign that compromised just one piece of the SolarWinds IT toolkit potentially gained access to multiple entities nationwide, including government agencies, telecommunications companies, top accounting firms and big players from the private sector. Unfortunately, these still represent only a small fraction of SolarWinds’ extraordinary array of customers.

SUNBURST Backdoor: ‘update is available, click here to download’

In the spring of 2020, IT staff received a pop-up notification from a trusted, popular software provider to install a new update. With one click, around 18,000 customers across various government and private organizations downloaded the update, and with that the silent game began.

Little did they know that the new update came with a Trojan: secret malicious code that sat silently in their systems for a couple of weeks, just observing, while the victims carried on with their hard work oblivious to the threat. When the time was just right, SUNBURST sprang into action inside thousands of computer networks in government, technology and telecom organisations across North America, Europe, Asia and the Middle East, opening the door for its creator to enter as well. According to the BBC the damages are not yet known, but for months the professional cyber criminal team could spy on and keep stealing information from different organisations worldwide.

SUNBURST: It’s time to take an initiative. 

Attacks of this nature don’t just affect the infected organisations; they also deal a blow to the entire cyber-security space by undermining trust in our solutions and planting seeds of doubt in users’ minds.

At Binalyze, our core mission is to help our users and the DFIR community respond faster. As part of this mission we have decided to support SUNBURST-damaged entities, and we hope that this initiative will be joined by other cyber security vendors and professionals.

Today we are releasing a version of Binalyze AIR with the codename SUNBURST that will enable anyone to identify their exposure to the attack and pinpoint their network vulnerability in under an hour.

This version is available FREE OF CHARGE for 15 days and up to 25,000 endpoints to help all organizations potentially affected by SUNBURST.

Download AIR Sunburst Edition for Free

Heads up for the DFIR community

Investigating this SUNBURST breach will take a lot of time, research and financial resources, just when we were getting ready for the Christmas and New Year holidays. Now, instead of planning a cosy vacation, you have to respond to the biggest breach of the year, plan your DFIR strategies and methods, and work hours of overtime trying to manage the breach damages.

Binalyze is the fastest evidence collection, triage, and IR investigation platform, and it now also contains the YARA rules for SUNBURST, thanks to our colleagues at FireEye. We are here to support any DFIR community member whose clients have been damaged by the hack and who requests it, to help speed up the investigation process and ease your workload.

Over the next few days, we will post videos and blogs sharing DFIR methods and tactics that we believe will be useful to the DFIR community. If you have or had a trojanized version of SolarWinds Orion on your infrastructure, Stroz Friedberg have released this excellent document with advice for a risk-based approach to the situation. Click here for more details.

We are all striving for a safer cyber world and taking our part in this global effort.

Stay safe.

Tagged under: digital forensics, Incident Response, remote forensics, timeline
