Attacker leverages SolarWinds supply chain with SUNNURST backdoor

FireEye has discovered a widespread campaign, tracked as UNC2452. The campaign started this Spring and is targeting organizations across the world, gaining access to them via infected updates to SolarWind's Orion IT monitoring and management software. The infected versions of SolarWind Orion plug-in are tacked as SUNBURST. The attacker's post-compromise activity uses multiple complicated techniques to evade detection. Read more...