It seems as though we have not seen the last of the attacker who, on December 14th, 2020, breached the Orion platform in SolarWinds software.
According to Malwarebytes:
“We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”
Malwarebytes is a trusted name in cybersecurity. Although they do not use SolarWinds software in their company, they and other companies like Microsoft have been affected by it. They thank security companies such as CrowdStrike and FireEye for their efforts in publicly and vividly recounting attacks, in the hope of avoiding further issues.
CrowdStrike shared that malware from an activity cluster called StellarParticle included SUNSPOT. SUNSPOT had been added to certain software builds (such as SolarWinds) as a backdoor. It then acted discreetly while replacing different source files with malware.
“The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers.”
Source: CrowdStrike
For help with computer security issues, call us at 1-800-620-5285. Karls Technology is a nationwide computer service company with offices in many major cities. This blog post was brought to you from our staff at the Denver Computer Repair Service. If you need computer repair in Denver, CO please call or text the local office at (720) 441-6460.