
Several products in SolarWinds' Orion program have been affected by a supply chain attack that has led to data theft.

 

Hackers planted backdoor in the software

A supply chain attack involves infiltrating part of the production stage of software. A backdoor can then be inserted into the source code so that external parties can send in malicious code. Examples of goals of this type of attack could be stealing data for extortion or installing ransomware on the victim's devices.

In the case of the attack on SolarWinds' Orion program, their build server was compromised, and the server software was discreetly modified to enable the attackers to monitor the system. The malicious code that was installed on the server is called "Sunspot". A vulnerability, undetected at the time, could then be added to the product source code.
The product versions that were built on the infected server then became infected with malware themselves due to the added vulnerability. This malicious code is called "Sunburst". Unaware customers who used these compromised versions risked having their data stolen and sent to the attackers.
The attackers could later choose which targets they considered interesting. The interesting targets were then exposed to one of the Trojans known as "Teardrop" and "Raindrop", which also instructed Sunburst to remove itself so as not to be discovered. Raindrop and Teardrop are similar, but the latter is believed to have been used more sparingly.

At the time of publishing this article, the attack on SolarWinds is still under investigation for more components.

 

How to act on and prevent supply chain attacks

It is not obvious that you as a company can be exposed to supply chain attacks. CYPRO can help protect your company against, among other things, supply chain attacks.

It is estimated that many of SolarWinds' 33000 customers may have been affected by these attacks. How do you protect your company's resources from similar attacks?

CYPRO offers several different security solutions. Click here to book a free consultation.

 

By Ludwig Wideskär, CYPRO