CodeMonkey: Is this how the US TREASURY got hacked? The timing matches – (Additonal dig on SolarWinds Orion)…

---

Is this how the US TREASURY got hacked?
The timing matches.. https://t.co/MSgJ7yxoFY

— Ron (@CodeMonkeyZ) December 14, 2020

Who is ‘SolarWinds Orion‘? It gets interesting…

Global Headquarters
Austin, Texas

Number of Employees
3,200+ worldwide

Customers Worldwide
320,000+ in 190 countries, including 499 of the Fortune 500®
22,000+ MSPs serving over 450,000 organizations

https://t.co/h12vnkKVUb

— Jim Nator (@NatorJim) December 14, 2020

From the tweet above (just in case you don’t want to open that link):

Threat Research
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

• We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452.
• FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST.
• The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.
• The campaign is widespread, affecting public and private organizations around the world.
• FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. FireEye products and services can help customers detect and block this attack.