The SolarWinds attack, disclosed by security firm FireEye and by Microsoft in December 2020, pushed a trojanized Orion update to as many as 18,000 government and private-sector organizations, of which a far smaller number were selected for follow-on intrusion. It has been characterized, notably by Microsoft, as the largest and most sophisticated cyber attack the world has ever seen, and it was made possible by the Sunburst backdoor the attackers inserted into a legitimately signed DLL shipped in SolarWinds’ Orion update packages. Because that DLL carried SolarWinds’ own valid code signature, signature validation alone could not flag it; defenders had to hunt on indicators and behaviour instead.
ThreatConnect engineer Alexi Valencia has produced a new video that breaks down how the Sunburst attack worked and offers critical insights into how a combination of focused dashboards, automated threat hunting and workflow within ThreatConnect can help threat intelligence analysts and incident responders streamline response processes when Sunburst or other incidents like it occur.
Let’s take a look at a helpful dashboard, which tracks Sunburst-specific intelligence across all available intel sources and provides updated counts of pertinent intelligence items, such as incidents, signatures, adversaries, and threats. As new relevant intelligence becomes available, analysts can track new incidents and reports carrying Sunburst-related tags, as well as any reported indicators of compromise.
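To make the two ideas in this post concrete, the dashboard-style roll-up of tagged intelligence and an automated hunt driven by the indicators it surfaces, here is an added worked example. It is not ThreatConnect code and not the video's content; the intelligence feed and the file contents are constructed for the demo (the hashes are SHA-256 of throwaway strings, not real Sunburst indicators), and only the DLL file name is the one the real trojanized component used. The functions `summarize_by_tag`, `extract_hashes` and `hunt` are assumed names for illustration.

```python
"""Tag-driven intel summary plus a hash-based hunt over a directory tree.

Added example: constructed intel records and constructed files, not real IoCs.
"""
import hashlib
import os
import tempfile
from collections import Counter

# Constructed sample intelligence feed. Each record mimics a tagged intel item:
# its type, its tags, and any indicators it carries. Hash values are SHA-256 of
# placeholder strings, NOT real Sunburst hashes.
SAMPLE_INTEL = [
    {"type": "incident", "tags": ["Sunburst", "SolarWinds"], "indicators": []},
    {"type": "report", "tags": ["Sunburst"], "indicators": []},
    {"type": "signature", "tags": ["Sunburst"], "indicators": []},
    {"type": "indicator", "tags": ["Sunburst"], "indicators": [
        {"kind": "sha256", "value": hashlib.sha256(b"trojanized-dll-sample").hexdigest()}]},
    {"type": "indicator", "tags": ["Sunburst"], "indicators": [
        {"kind": "sha256", "value": hashlib.sha256(b"second-stage-sample").hexdigest()}]},
    {"type": "adversary", "tags": ["UNC2452"], "indicators": []},  # untagged: not counted
]


def summarize_by_tag(intel, tag):
    """Dashboard-style count of items carrying `tag`, keyed by item type."""
    return Counter(item["type"] for item in intel if tag in item["tags"])


def extract_hashes(intel, tag):
    """Collect SHA-256 indicators from items tagged `tag`, normalised to lowercase."""
    hashes = set()
    for item in intel:
        if tag not in item["tags"]:
            continue
        for ind in item.get("indicators", []):
            if ind["kind"] == "sha256":
                hashes.add(ind["value"].lower())
    return hashes


def sha256_file(path):
    """Stream a file through SHA-256 so large DLLs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hunt(root, bad_hashes, suffixes=(".dll",)):
    """Walk `root`, hash files with one of `suffixes`, return those in `bad_hashes`.

    A valid Authenticode signature is deliberately NOT treated as exoneration:
    the real Sunburst DLL was signed with the vendor's own certificate.
    """
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            if sha256_file(path) in bad_hashes:
                hits.append(path)
    return sorted(hits)


def demo():
    """Build a constructed Orion-like tree and run the pipeline; returns (summary, hits)."""
    summary = summarize_by_tag(SAMPLE_INTEL, "Sunburst")
    bad = extract_hashes(SAMPLE_INTEL, "Sunburst")
    with tempfile.TemporaryDirectory() as root:
        orion = os.path.join(root, "Orion")
        os.makedirs(orion)
        # Constructed file contents: the "trojanized" DLL matches a feed indicator.
        with open(os.path.join(orion, "SolarWinds.Orion.Core.BusinessLayer.dll"), "wb") as f:
            f.write(b"trojanized-dll-sample")
        with open(os.path.join(orion, "Clean.dll"), "wb") as f:
            f.write(b"benign-content")
        with open(os.path.join(orion, "notes.txt"), "wb") as f:
            f.write(b"trojanized-dll-sample")  # same bytes, wrong suffix: not scanned
        hits = [os.path.relpath(p, root).replace(os.sep, "/") for p in hunt(root, bad)]
    return summary, hits


if __name__ == "__main__":
    counts, matches = demo()
    print("Sunburst-tagged items by type:", dict(counts))
    print("Files matching Sunburst hashes:", matches)
```

The roll-up is what the dashboard counters show; the hunt is the automated step that consumes the indicators those items carry. In a real hunt you would feed the hash set from your intel platform's export rather than an inline list, extend the suffix filter to whatever the indicator type implies, and pair hash matching with behavioural checks (Orion host process making unexpected DNS queries, for instance), since a hash hunt only catches the exact samples already reported.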
Using ThreatConnect to Automate Threat Hunting in Response to the SolarWinds Compromise