This blog post was updated March 17 to include information on new Trustwave IDS updates. Earlier updates to this post:

- On the 26th, to include more information about Trustwave product protections for the Raindrop malware.
- On the 15th, to include more information about Trustwave product protections for the SUNSPOT malware and CVE-2020-10148.
- On the 31st, to provide more information about the SUPERNOVA malware and Trustwave product protections.
- On the 23rd, to provide more information about Trustwave's response to the FireEye tools breach and SolarWinds Orion platform compromise, as well as additional clarifications to Trustwave's non-use of affected versions of SolarWinds Orion.

We wanted to share the plans and procedures we've put in place in response to the FireEye breach that was made public on Dec. 8, 2020.

As you may be aware, FireEye has explicitly stated that malicious attackers have stolen red team tools, both open-source and FireEye-developed, which are commonly utilized for ethical hacking engagements.

FireEye has also indicated that the attackers attempted to access information on internal systems related to "government customers" specifically, but there has been no evidence of data exfiltration from the affected systems.

At this time, there is no evidence or reason to believe that the FireEye breach or the theft of the red teaming tools has impacted any Trustwave customers or partners. We commend FireEye for being transparent in their disclosure of the breach and countermeasures in an effort to ensure the security of other organizations across the world.

The tactics, techniques and procedures (TTPs) of the threat actor(s) responsible for the breach and indicators of compromise (IOCs) are still being investigated. Additional investigation and adherence to responsible and legally required disclosure policies by FireEye will be required in order for a client-specific impact from these events to be further determined. We are diligently monitoring the situation, and when/if those additional details are released, we will immediately update our signatures and actively monitor and detect any indication of the threat actor(s) within our customers' assets.

More Security Actions Taking Place by Trustwave:

- Trustwave has implemented all FireEye-recommended countermeasures and updates in response to the FireEye red team tool breach.
- Trustwave Secure Email Gateway (SEG) customers received an update Dec. 14 to detect the stolen red teaming tools, should they be sent over email. Trustwave SEG can also detect email-borne exploits that are used by the FireEye tools (CVE-2017-11774).
- Trustwave IDS devices received an update on the 18th for detecting typical traffic from these tools.
- Trustwave is continuously monitoring for the unauthorized usage of the stolen FireEye toolsets within our managed customer environments across geographies.
- Trustwave released a ModSecurity WAF update for the commercial rules that block web-based exploits used by the stolen FireEye tools.
- Trustwave Security Testing for Networks released checks on Dec. 22 for our network scanner to detect most of the vulnerabilities that are used by the stolen FireEye tools and the VMware vulnerability that was also used in these attacks (CVE-2020-4006).

Trustwave will continue to be transparent, vigilant and collaborative with the security community to protect organizations from any malicious actors that may attempt to utilize these tools.

On the 13th, FireEye confirmed a SolarWinds supply chain attack as the cause of their breach via a malware-laced update for the SolarWinds Orion IT network monitoring software (affected SolarWinds Orion versions: 2019.4 HF, 2020.2 with no hotfix installed, and 2020.2 HF 1).

According to FireEye, this newly discovered supply chain attack campaign is believed to be widespread, affecting public and private organizations that use SolarWinds Orion around the world.

FireEye has named this malware SUNBURST and published a technical report with detection rules on GitHub. The incident was reportedly the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation-state.

SolarWinds has also published information on a separate malware reported by third parties that affects the Orion platform, referred to as SUPERNOVA: "SUPERNOVA is not malicious code embedded within the builds of our Orion® Platform as a supply chain attack."