
Overview of SolarWinds Supply-chain Attack

What You Should Do About It

  • Disconnect / power down servers running SolarWinds Orion Platform software versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1
  • Apply the Orion 2020.2.1 HF 2 hotfix immediately
  • Check whether either SolarWinds.Orion.Core.BusinessLayer[.]dll or C:\WINDOWS\SysWOW64\netsetupsvc[.]dll exists on the host
  • Ensure traffic to and from hosts with affected SolarWinds Orion software is being blocked
  • Remove any compromised accounts

How to identify compromised accounts?

Attackers have been observed creating new Federation Trusts and performing other types of high-level Azure AD operations to maintain a foothold.
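As an added example (not Vectra's code and not part of the original advisory), the following Python flags Azure AD audit-log records that indicate a federation-trust change or another high-privilege directory operation. The activity names, the record layout (Microsoft Graph directoryAudit shape) and the sample records are assumed or constructed here.

```python
import json

# Audit activity names (assumed values of the Azure AD audit log
# 'activityDisplayName' field) that create or alter a federation trust.
FEDERATION_OPS = {"Set federation settings on domain", "Set domain authentication",
                  "Add unverified domain"}
# Other high-privilege directory operations worth reviewing (names also assumed).
HIGH_PRIV_OPS = {"Add member to role", "Add service principal credentials"}

def actor_of(record):
    """UPN of the user, or display name of the app, that initiated the record."""
    who = record.get("initiatedBy", {})
    user, app = who.get("user") or {}, who.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def flag_records(records):
    """One finding per record whose activity is a federation change
    (severity 'critical') or another high-privilege operation ('high')."""
    findings = []
    for rec in records:
        op = rec.get("activityDisplayName", "")
        if op in FEDERATION_OPS:
            severity = "critical"
        elif op in HIGH_PRIV_OPS:
            severity = "high"
        else:
            continue  # routine directory activity, not flagged
        findings.append({
            "time": rec.get("activityDateTime", ""), "severity": severity, "operation": op,
            "actor": actor_of(rec),
            "targets": [t.get("displayName", "") for t in rec.get("targetResources", [])],
        })
    return findings

# Constructed sample records in the shape of Microsoft Graph directoryAudit entries.
SAMPLE_AUDIT_JSON = """[
 {"activityDateTime": "2020-12-13T01:02:03Z", "activityDisplayName": "Set federation settings on domain",
  "initiatedBy": {"user": {"userPrincipalName": "svc-orion@example.com"}},
  "targetResources": [{"displayName": "example.com"}]},
 {"activityDateTime": "2020-12-13T01:05:00Z", "activityDisplayName": "Add member to role",
  "initiatedBy": {"user": {"userPrincipalName": "svc-orion@example.com"}},
  "targetResources": [{"displayName": "Global Administrator"}]},
 {"activityDateTime": "2020-12-13T09:00:00Z", "activityDisplayName": "Update user",
  "initiatedBy": {"user": {"userPrincipalName": "helpdesk@example.com"}},
  "targetResources": [{"displayName": "Jane Doe"}]}
]"""
def flag_sample():
    """Run the detection over the constructed sample; returns the two flagged findings."""
    return flag_records(json.loads(SAMPLE_AUDIT_JSON))
```

In practice the records would come from the tenant's audit log export rather than the embedded sample, and a finding for a federation change should be cross-checked against the organisation's change records.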

How to discover lateral movement?

Attackers have been using built-in Microsoft tools to perform reconnaissance and attempt exploitation.

If You Are a Vectra Customer

If you are a Vectra customer, we want to assure you that you are protected by the Cognito Platform from attacks leveraging the reported tactics and techniques.

To learn more about the detections, how they will show up, and what information to search for when threat hunting, please read more on our customer community portal.

Get a No-cost SUNBURST Assessment

If you would like a SUNBURST assessment or have any questions, please complete this form so we can connect you with a Vectra Security Consultant.

This assessment will help you

  • Detect external threat actors performing reconnaissance activity in your network
  • Determine if a threat has made its way in, and where it has propagated — including cloud and data center environments
  • Identify compromised credentials, particularly privileged account abuse