Blog

Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack

Anomali Threat Research
December 29, 2020
Table of contents
<p>SolarWinds, a provider of IT management and monitoring software deployed by thousands of global customers, was breached between March and June of 2020 by an Advanced Persistent Threat (APT) that cybersecurity company <a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" target="_blank">FireEye is tracking as UNC2452</a>. As part of the supply chain attack, the APT compromised the company’s Orion business software with trojanized malware known as Sunburst, which opens a backdoor into the networks of customers who executed Orion updates.</p> <p>Immediately following news of the attack, Anomali Threat Research launched a custom threat intelligence dashboard called Sunburst Backdoor. Now available to Anomali ThreatStream customers, the dashboard is accessible via the user console. It is preconfigured to provide immediate access and visibility into all known Sunburst Backdoor indicators of compromise (IOCs) that are made available through commercial and open-source threat feeds that users manage on ThreatStream.</p> <p>Customers using ThreatStream, Anomali Match, and Anomali Lens can immediately detect any IOCs present in their environments, quickly consume threat bulletins containing machine readable IOCs to operationalize threat intelligence across their security infrastructures, and communicate to all stakeholders how they have been impacted.</p> <p>As part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts, Anomali recently added thematic dashboards that respond to significant global events. In addition to Sunburst Backdoor, ThreatStream customers currently have access to <a href="{page_5148}">additional dashboards announced</a> as part of our December quarterly product release.</p> <p>Customers can integrate Sunburst Backdoor and other dashboards via the “+ Add Dashboard” tab in the ThreatStream console:</p> <p><img alt="Add Sunburst dashboard" src="https://cdn.filestackcontent.com/wjpzJ0lKS3auVOuYXhFC"/></p> <p>After integration, users will have immediate access to the Sunburst Backdoor dashboard, which continually updates IOCs as they become available:</p> <p><img alt="Sunburst dashboard" src="https://cdn.filestackcontent.com/9sDIs1y3QtWGOGRacIh8"/></p> <p>Organizations interested in learning more about Anomali ThreatStream and our custom dashboard capabilities can <a href="{page_5170}">request a demo here</a>.</p> <p>For organizations interested in gaining wider visibility and detection capabilities for the Sunburst cyberattack, Anomali Threat Research has compiled and curated an initial <a href="{page_5171}">threat bulletin and downloadable set of OSINT IOCs available here</a>.</p>
Anomali Threat Research

Anomali's Threat Research team continually tracks security threats to identify when new, highly critical security threats emerge. The Anomali Threat Research team's briefings discuss current threats and risks like botnets, data breaches, misconfigurations, ransomware, threat groups, and various vulnerabilities. The team also creates free and premium threat intelligence feeds for Anomali's industry-leading Threat Intelligence Platform, ThreatStream.

Propel your mission with amplified visibility, analytics, and AI.

Learn how Anomali can help you cost-effectively improve your security posture.

December 29, 2020
-
Anomali Threat Research
,

Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack

<p>SolarWinds, a provider of IT management and monitoring software deployed by thousands of global customers, was breached between March and June of 2020 by an Advanced Persistent Threat (APT) that cybersecurity company <a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" target="_blank">FireEye is tracking as UNC2452</a>. As part of the supply chain attack, the APT compromised the company’s Orion business software with trojanized malware known as Sunburst, which opens a backdoor into the networks of customers who executed Orion updates.</p> <p>Immediately following news of the attack, Anomali Threat Research launched a custom threat intelligence dashboard called Sunburst Backdoor. Now available to Anomali ThreatStream customers, the dashboard is accessible via the user console. It is preconfigured to provide immediate access and visibility into all known Sunburst Backdoor indicators of compromise (IOCs) that are made available through commercial and open-source threat feeds that users manage on ThreatStream.</p> <p>Customers using ThreatStream, Anomali Match, and Anomali Lens can immediately detect any IOCs present in their environments, quickly consume threat bulletins containing machine readable IOCs to operationalize threat intelligence across their security infrastructures, and communicate to all stakeholders how they have been impacted.</p> <p>As part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts, Anomali recently added thematic dashboards that respond to significant global events. In addition to Sunburst Backdoor, ThreatStream customers currently have access to <a href="{page_5148}">additional dashboards announced</a> as part of our December quarterly product release.</p> <p>Customers can integrate Sunburst Backdoor and other dashboards via the “+ Add Dashboard” tab in the ThreatStream console:</p> <p><img alt="Add Sunburst dashboard" src="https://cdn.filestackcontent.com/wjpzJ0lKS3auVOuYXhFC"/></p> <p>After integration, users will have immediate access to the Sunburst Backdoor dashboard, which continually updates IOCs as they become available:</p> <p><img alt="Sunburst dashboard" src="https://cdn.filestackcontent.com/9sDIs1y3QtWGOGRacIh8"/></p> <p>Organizations interested in learning more about Anomali ThreatStream and our custom dashboard capabilities can <a href="{page_5170}">request a demo here</a>.</p> <p>For organizations interested in gaining wider visibility and detection capabilities for the Sunburst cyberattack, Anomali Threat Research has compiled and curated an initial <a href="{page_5171}">threat bulletin and downloadable set of OSINT IOCs available here</a>.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.