Supply-Chain Attack | Let's Talk SolarWinds Attack | All you need to know about it
Let’s talk about supply-chain attacks and everything we need to know about the SolarWinds supply-chain compromise
————————————————————————————————————————-
📝
*********For the December timeline, the year is 2020 and NOT 2019. Apologies for the mistake!!******
On Dec 13, 2020, SolarWinds, an IT company that creates software for network management, stated they were investigating an incident that appears to be the product of a “highly-sophisticated, targeted and manual supply chain attack by a nation-state.” SolarWinds said they are in contact with the FBI and that a vulnerability which existed until the March-June 2020 timeframe was leveraged to take advantage of their Orion software product.
The attack is a supply-chain-based attack in which the adversary can leverage the software’s update mechanism. The SolarWinds attack has been linked to the Treasury Department and FireEye compromises at this time.
Information is being released continuously by those investigating the incidents across the thousands of organizations that use SolarWinds, including governments, militaries, and commercial entities around the world.
As indicators of compromise continue to be released, organizations and their incident response teams should prioritize hunting for adversary behaviors and Tools, Techniques, and Procedures (TTPs) associated with their SolarWinds installs, as that platform could be leveraged as a launching point into their organization.
🙏
***If you enjoy this video, please consider subscribing to my channel and sharing it with your community as well*** 🙏
What we will cover here:
———————————————————————————————————————–
1. What is SolarWinds
2. Who uses this and why is it a target?
3. How to know if I am impacted?
4. Detailed Timeline of this incident.
5. Future Scope
🔗
Links for your needs:
———————————————————————————————————————–
Supernova Script- https://bit.ly/3pcR1Mw
Advisory- https://bit.ly/3oenr85
⏭
What’s next in BlackPerl?
————————————————————————————————————————-
In the next episode, we will come up with more such tools and techniques for DFIR and will try to explain them with real-life use cases.
As I said, the new compilation series for DFIR and SOC training will be launched soon!! So please stay tuned!
📞📲
We are socially active as well:
———————————————————————————————————————–
LinkedIn: https://www.linkedin.com/company/blackperl
Twitter: @blackperl_dfir
Insta: blackperl_dfir (https://www.instagram.com/blackperl_dfir/)
Email: blackperl_dfir@yahoo.com
⌚
TIMESTAMPS
————————————————————————————————————————-
0:00 ⏩ Intro
0:47 ⏩ What is SolarWinds
3:10 ⏩ Who uses this and why is it a target?
10:02 ⏩ How to know if I am impacted?
13:58 ⏩ Attack LifeCycle
25:40 ⏩ Timeline Analysis
44:40 ⏩ IOC Lists
🎶
Background Music Courtesy
————————————————————————————————————————-
THBD:
https://www.facebook.com/thbds
https://www.youtube.com/channel/UCoXfgmSpdWC7JMKrMyg6a8Q
https://creativecommons.org/licenses/by/3.0/
Music provided by RFM: https://youtu.be/Ck0yeoa-XO4
————————————————————————————————————————-
Thanks for watching!! Be CyberAware!! 🤞
by BlackPerl