In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of John Bambenek, tell the story of one of the largest and most complicated supply chain attacks in history: SolarWinds
On December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds's Orion software.
Victims of this attack include the cybersecurity firm FireEye, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, as well as the US Department of Homeland Security.Prominent international SolarWinds customers investigating whether they were impacted include the North Atlantic Treaty Organization (NATO), the European Parliament, UK Government Communications Headquarters, the UK Ministry of Defence, the UK National Health Service (NHS), the UK Home Office, and AstraZeneca. FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020". FireEye named the malware SUNBURST. Microsoft called it Solorigate.
The attack used a backdoor in a SolarWinds library; when an update to SolarWinds occurred, the malicious attack would go unnoticed due to the trusted certificate.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.