SOLARWINDS CASE STUDY WITH COMPLETE SOLUTIONS, Exams of Advanced Education


Typology: Exams

2025/2026

Available from 03/21/2026

EXAMGOODS
SolarWinds Breach - Correct Answers - December 2020
December 8: Cybersecurity firm FireEye announces that it has been hacked and that its security testing tools were stolen
Dec 13: Reuters reported that emails belonging to the U.S. Treasury and Commerce Departments were compromised
Dec 14: The Washington Post reported a large-scale cyber breach stemming from a compromised SolarWinds software update

Unprecedented supply-chain breach - Correct Answers - 18,000 customers of SolarWinds installed the compromised patch
U.S. federal agencies and large public companies affected

What is SolarWinds? - Correct Answers - A Texas-based company that specializes in IT system management tools

SolarWinds Orion (targeted product) - Correct Answers - An NMS (Network Management System)
Typically runs with administrative privileges on the host and has access to most of the network devices and systems within an organization

Stages of attack - Correct Answers -
1) Attackers compromised the SolarWinds software build environment and planted Sunspot malware
2) Sunspot embedded Sunburst malware into SolarWinds Orion updates
3) Compromised updates were downloaded and installed
4) Sunburst creates a backdoor
5) Sunburst backdoor contacts CC1 and sends system info. Attack command through CC
6) Sunburst backdoor contacts CC
7) Beacon dropper downloaded from CC
8) Cobalt Strike beacon installed
9) Beacon reports to CC
10) Attacker performed malicious actions such as:
- Stealing credentials
- Lateral movement to other systems, etc.
11) Attacker gained access to emails and data on the cloud using stolen credentials

Timeline - Correct Answers -
Sep 4 - Attackers start to access SolarWinds
Sep 12 - Attackers start to inject test code
Nov 4 - Attackers stop injecting test code
2020
Feb 20 - Solorigate backdoor is compiled and deployed
March - Distribution of Solorigate backdoor (distribution of Sunburst and target profiling)
May - Actual hands-on-keyboard attacks (activation of Teardrop)
June 4 - Attackers remove malware from SolarWinds build environment (continued hands-on-keyboard activity)
Dec 12 - Solorigate supply chain attack disclosed

Notable Characteristic - Correct Answers -
Highly sophisticated, well-funded
Stealthy, targeted operation for a prolonged period
Largest known supply chain attack