Resources for the SolarWinds Breach

RiskRecon’s analysis of nearly 140,000 SUNBURST C2 subdomains reveals 129 distinct entities potentially signaling to the SUNBURST command and control servers, ranging from defense contractors to the United Nations. This blog post details the analysis conducted by the RiskRecon team including the Data Sources and Methodology.

RiskRecon is making the list of potentially impacted entities available to risk professionals. If you would like to receive the data file containing the list of the companies identified, along with the associated data, please click the learn more button and our Customer Support team can validate your request.

This article from ARS Technica discusses the tactics used in the SolarWinds supply chain hack and goes through some of the identified areas of the federal government which will have long-lasting security effects.

Krebs on Security provides in-depth coverage on the possible ecosystem of the breach that could affect as many as 18,000 SolarWinds customers.

FireEye's Threat Research team put together a write describing the global intrusion campaign that impacted their systems.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.

This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 21-01, “Mitigate SolarWinds Orion Code Compromise”.