
2021-03-10US-CERTCISA
% CISA remediation guidance; US-CERT is recorded as the publishing organization.
@online{cisa:20210310:remediating:23bf74d,
  author       = {CISA},
  title        = {{Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise}},
  organization = {US-CERT},
  date         = {2021-03-10},
  url          = {https://us-cert.cisa.gov/remediating-apt-compromised-networks},
  urldate      = {2021-03-12},
  language     = {English},
}
Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
SUNBURST
2021-03-08YouTube (SANS Digital Forensics and Incident Response)Katie Nickels, Adam Pennington, Jen Burns
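% The ampersand in the title is written as \& so LaTeX does not read it as an alignment tab.
% The organization uses the "YouTube" spelling found in the other video entries of this list.
@online{nickels:20210308:star:083eb29,
  author       = {Nickels, Katie and Pennington, Adam and Burns, Jen},
  title        = {{STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT\&CK(R)}},
  organization = {YouTube (SANS Digital Forensics and Incident Response)},
  date         = {2021-03-08},
  url          = {https://www.youtube.com/watch?v=LA-XE5Jy2kU},
  urldate      = {2021-03-11},
  language     = {English},
}
STAR Webcast: Making sense of SolarWinds through the lens of MITRE ATT&CK(R)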
Cobalt Strike SUNBURST TEARDROP
2021-02-26YouTube (Oversight Committee)Oversight Committee
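% Institutional author: the extra pair of braces keeps the name from being split
% into a given name and a family name.
@online{committee:20210226:weathering:6dfb09f,
  author       = {{Oversight Committee}},
  title        = {{Weathering the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing Campaign}},
  organization = {YouTube (Oversight Committee)},
  date         = {2021-02-26},
  url          = {https://www.youtube.com/watch?v=dV2QTLSecpc},
  urldate      = {2021-03-25},
  language     = {English},
}
Weathering the Storm: The Role of Private Tech in the SolarWinds Breach and Ongoing Campaign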
SUNBURST
2021-02-24Bleeping ComputerSergiu Gatlan
@online{gatlan:20210224:nasa:646b084,
  author       = {Gatlan, Sergiu},
  title        = {{NASA and the FAA were also breached by the SolarWinds hackers}},
  organization = {Bleeping Computer},
  date         = {2021-02-24},
  url          = {https://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/},
  urldate      = {2021-02-25},
  language     = {English},
}
NASA and the FAA were also breached by the SolarWinds hackers
SUNBURST
2021-02-17NetresecErik Hjelmvik
@online{hjelmvik:20210217:targeting:6deceed,
  author       = {Hjelmvik, Erik},
  title        = {{Targeting Process for the SolarWinds Backdoor}},
  organization = {Netresec},
  date         = {2021-02-17},
  url          = {https://netresec.com/?b=212a6ad},
  urldate      = {2021-02-18},
  language     = {English},
}
Targeting Process for the SolarWinds Backdoor
SUNBURST
2021-02-17ApiiroAriel Levy
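% Organization spelled as in the URL host (blog.apiiro.com).
@online{levy:20210217:detect:e5bdc1b,
  author       = {Levy, Ariel},
  title        = {{Detect and prevent the SolarWinds build-time code injection attack}},
  organization = {Apiiro},
  date         = {2021-02-17},
  url          = {https://blog.apiiro.com/detect-and-prevent-the-solarwinds-build-time-code-injection-attack},
  urldate      = {2021-02-20},
  language     = {English},
}
Detect and prevent the SolarWinds build-time code injection attack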
SUNBURST
2021-02-17YouTube (The White House)Anne Neuberger
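% Video source; the t=59 parameter in the URL starts playback 59 seconds in.
@online{neuberger:20210217:update:f24ad1e,
  author       = {Neuberger, Anne},
  title        = {{Update on Investigation on Solarwinds supply chain attack from the Deputy National Security Advisor}},
  organization = {YouTube (The White House)},
  date         = {2021-02-17},
  url          = {https://youtu.be/Ta_vatZ24Cs?t=59},
  urldate      = {2021-02-18},
  language     = {English},
}
Update on Investigation on Solarwinds supply chain attack from the Deputy National Security Advisor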
SUNBURST
2021-02-03SolarWindsSudhakar Ramakrishna
@online{ramakrishna:20210203:findings:7b36d12,
  author       = {Ramakrishna, Sudhakar},
  title        = {{Findings From Our Ongoing Investigations}},
  organization = {SolarWinds},
  date         = {2021-02-03},
  url          = {https://orangematter.solarwinds.com/2021/02/03/findings-from-our-ongoing-investigations/},
  urldate      = {2021-02-09},
  language     = {English},
}
Findings From Our Ongoing Investigations
2021-02-03TrustwaveTrustwave SpiderLabs
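% Institutional author: the extra pair of braces keeps the team name from being
% split into a given name and a family name.
@techreport{spiderlabs:20210203:new:08a89eb,
  author       = {{Trustwave SpiderLabs}},
  title        = {{New Vulnerabilities Discovered in SolarWinds Products by Trustwave SpiderLabs}},
  institution  = {Trustwave},
  date         = {2021-02-03},
  url          = {https://trustwave.azureedge.net/media/17653/solarwinds-vuln-fact-sheet-_final-222021.pdf},
  urldate      = {2021-02-04},
  language     = {English},
}
New Vulnerabilities Discovered in SolarWinds Products by Trustwave SpiderLabs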
2021-02-03Sophos Managed Threat Response (MTR)Greg Iddon
@online{iddon:20210203:mtr:8eb9950,
  author       = {Iddon, Greg},
  title        = {{MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server}},
  organization = {Sophos Managed Threat Response (MTR)},
  date         = {2021-02-03},
  url          = {https://news.sophos.com/en-us/2021/02/03/mtr-casebook-uncovering-a-backdoor-implant-in-a-solarwinds-orion-server/},
  urldate      = {2021-02-04},
  language     = {English},
}
MTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server
RagnarLocker
2021-02-02ReutersChristopher Bing, Jack Stubbs, Raphael Satter, Joseph Menn
@online{bing:20210202:exclusive:426eec4,
  author       = {Bing, Christopher and Stubbs, Jack and Satter, Raphael and Menn, Joseph},
  title        = {{Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources}},
  organization = {Reuters},
  date         = {2021-02-02},
  url          = {https://www.reuters.com/article/us-cyber-solarwinds-china/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-u-s-payroll-agency-sources-idUSKBN2A22K8},
  urldate      = {2021-02-04},
  language     = {English},
}
Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources
2021-02-02The Wall Street JournalRobert McMillan
@online{mcmillan:20210202:hackers:57bcb4b,
  author       = {McMillan, Robert},
  title        = {{Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says}},
  organization = {The Wall Street Journal},
  date         = {2021-02-02},
  url          = {https://www.wsj.com/articles/hackers-lurked-in-solarwinds-email-system-for-at-least-9-months-ceo-says-11612317963?mod=e2tw},
  urldate      = {2021-02-04},
  language     = {English},
}
Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says
2021-01-26FidelisChris Kubic
@online{kubic:20210126:ongoing:c57f443,
  author       = {Kubic, Chris},
  title        = {{Ongoing Analysis of SolarWinds Impacts}},
  organization = {Fidelis},
  date         = {2021-01-26},
  url          = {https://fidelissecurity.com/threatgeek/data-protection/ongoing-analysis-solarwinds-impact/},
  urldate      = {2021-01-27},
  language     = {English},
}
Ongoing Analysis of SolarWinds Impacts
SUNBURST
2021-01-26Bleeping ComputerSergiu Gatlan
@online{gatlan:20210126:mimecast:ef80465,
  author       = {Gatlan, Sergiu},
  title        = {{Mimecast links security breach to SolarWinds hackers}},
  organization = {Bleeping Computer},
  date         = {2021-01-26},
  url          = {https://www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/},
  urldate      = {2021-01-27},
  language     = {English},
}
Mimecast links security breach to SolarWinds hackers
SUNBURST
2021-01-22SymantecThreat Hunter Team
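% Institutional author: the extra pair of braces keeps the team name from being
% split into a given name and a family name.
@online{team:20210122:solarwinds:b82c2df,
  author       = {{Threat Hunter Team}},
  title        = {{SolarWinds: How Sunburst Sends Data Back to the Attackers}},
  organization = {Symantec},
  date         = {2021-01-22},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data},
  urldate      = {2021-01-25},
  language     = {English},
}
SolarWinds: How Sunburst Sends Data Back to the Attackers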
SUNBURST
2021-01-19MalwarebytesMarcin Kleczynski
@online{kleczynski:20210119:malwarebytes:2fe3d7d,
  author       = {Kleczynski, Marcin},
  title        = {{Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments}},
  organization = {Malwarebytes},
  date         = {2021-01-19},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/},
  urldate      = {2021-01-21},
  language     = {English},
}
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-18SymantecThreat Hunter Team
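% Institutional author: the extra pair of braces keeps the team name from being
% split into a given name and a family name.
@online{team:20210118:raindrop:9ab1262,
  author       = {{Threat Hunter Team}},
  title        = {{Raindrop: New Malware Discovered in SolarWinds Investigation}},
  organization = {Symantec},
  date         = {2021-01-18},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware},
  urldate      = {2021-01-21},
  language     = {English},
}
Raindrop: New Malware Discovered in SolarWinds Investigation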
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-01-15SymantecThreat Hunter Team
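% Institutional author: the extra pair of braces keeps the team name from being
% split into a given name and a family name.
@online{team:20210115:solarwinds:46d0db6,
  author       = {{Threat Hunter Team}},
  title        = {{SolarWinds: Insights into Attacker Command and Control Process}},
  organization = {Symantec},
  date         = {2021-01-15},
  url          = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-command-control},
  urldate      = {2021-01-21},
  language     = {English},
}
SolarWinds: Insights into Attacker Command and Control Process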
SUNBURST
2021-01-11SolarWindsSudhakar Ramakrishna
@online{ramakrishna:20210111:new:296b621,
  author       = {Ramakrishna, Sudhakar},
  title        = {{New Findings From Our Investigation of SUNBURST}},
  organization = {SolarWinds},
  date         = {2021-01-11},
  url          = {https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/},
  urldate      = {2021-01-18},
  language     = {English},
}
New Findings From Our Investigation of SUNBURST
Cobalt Strike SUNBURST TEARDROP
2021-01-08splunkMarcus LaFerrera, John Stoner, Lily Lee, James Brodsky, Ryan Kovar
@online{laferrera:20210108:golden:d31442a,
  author       = {LaFerrera, Marcus and Stoner, John and Lee, Lily and Brodsky, James and Kovar, Ryan},
  title        = {{A Golden SAML Journey: SolarWinds Continued}},
  organization = {splunk},
  date         = {2021-01-08},
  url          = {https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html},
  urldate      = {2021-01-11},
  language     = {English},
}
A Golden SAML Journey: SolarWinds Continued
SUNBURST