Ad End 1 February 2024
Ad Ends 13 January 2025
Ad End 26 February 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

A Fifth of Sunburst Backdoor Victims from Manufacturing Industry

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,544
Reaction score
916
Points
212
Awards
2
  • trusted user
  • Rich User
Nearly a fifth of organizations hit by the Sunburst backdoor emanating from the SolarWinds supply chain attack are from the manufacturing sector, a new analysis from Kaspersky has revealed.

While researchers have already uncovered technical details of the Sunburst backdoor that was embedded in the SolarWinds incident late last year, information of the full impact of the attack is still being investigated. It has been officially confirmed that around 18,000 users may have installed backdoor versions of SolarWinds, potentially leaving them at risk of further attack, but Kaspersky sought to gain more information on the types of organizations affected.

To do so, Kaspersky ICS CERT researchers compiled a list of nearly 2000 readable and attributable domains from available decoded internal domain names obtained from DNS names generated by the Sunburst DomainName Generation Algorithm. This showed that around a third (32.4%) of all victims were industrial organizations, with manufacturing (18.11% of all victims) by far the most affected. This was followed by utilities (3.24%), construction (3.03%), transportation and logistics (2.97%) and oil and gas (1.35%).

The regions in which these industrial organizations were based were wide-ranging, including Benin, Canada, Chile, Djibouti, Indonesia, Iran, Malaysia, Mexico, the Netherlands, the Philippines, Portugal, Russia, Saudi Arabia, Taiwan, Uganda and the US.

Maria Garnaeva, senior security researcher at Kaspersky, commented: “The SolarWinds software is highly integrated into many systems around the globe in different industries and, as a result, the scale of the Sunburst attack is unparalleled – a lot of organizations that had been affected might have not been of interest to the attackers initially. While we do not have evidence of a second-stage attack among these victims, we should not rule out the possibility that it may come in the future. Therefore, it is crucial for organizations that may be victims of the attack to rule out the infection and make sure they have the right incident response procedures in place.”

The cybersecurity firm advised that possible victims of the SolarWinds compromise should check whether they have installed backdoored versions and look out for known indicators of compromise, as displayed in CISA’s Alert AA20-35A.

As the fallout of the high profile incident continues, earlier this week several more cybersecurity vendors revealed that they were attacked by the same threat actors that compromised SolarWinds
 
Ad End 1 February 2024
Top