SOLARWINDS CASE STUDY WITH
COMPLETE SOLUTIONS
SolarWinds Breach - Correct Answers -December 2020
December 8: Cybersecurity firm FireEye announces that it has been hacked and
that its security testing tools were stolen
Dec 13: Reuters reported that emails belonging to the U.S. Treasury and Commerce
Departments were compromised
Dec 14: The Washington Post reported a large-scale cyber breach stemming from a compromised
SolarWinds software update
Unprecedented supply-chain breach - Correct Answers -18,000 customers of SolarWinds
installed the compromised patch
U.S. federal agencies and large public companies affected
What is SolarWinds? - Correct Answers -A Texas-based company that specializes in IT
system management tools
SolarWinds Orion (targeted product) - Correct Answers -An NMS (Network Management
System)
Typically runs with administrative privileges on the host and has access to most of the
network devices and systems within an organization
Stages of attack - Correct Answers -1) Attackers compromised the SolarWinds software
build environment and planted the Sunspot malware
2) Sunspot embedded the Sunburst malware into SolarWinds Orion updates
3) Compromised updates were downloaded and installed by customers
4) Sunburst creates a backdoor
5) The Sunburst backdoor contacts CC1 and sends system info; attack commands are delivered through
CC1