2022-11-02BlackberryBlackberry Research
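% BlackBerry research post on the RomCom actor (URL slug: "romcom-spoofing-solarwinds-keepass").
% The corporate author is double-braced so it is parsed as one name, not given/family parts.
% The title protects only proper nouns instead of bracing the whole string.
@online{research:20221102:romcom:73ba97d,
  author       = {{Blackberry Research}},
  title        = {{RomCom} Threat Actor Abuses {KeePass} and {SolarWinds} to Target {Ukraine} and Potentially the {United Kingdom}},
  date         = {2022-11-02},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/11/romcom-spoofing-solarwinds-keepass},
  language     = {English},
  urldate      = {2023-01-03},
}
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom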
ROMCOM RAT RomCom
2021-11-08nccgroupFox IT
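% Fox-IT blog copy of the TA505 / Serv-U (CVE-2021-35211) initial-access write-up.
% The same title and date are also listed under key team:20211108:ta505:5a3c385 (research.nccgroup.com);
% cite only one of the two so the report is not counted twice.
@online{it:20211108:ta505:6ac8d13,
  author       = {{Fox IT}},
  title        = {{TA505} exploits {SolarWinds} {Serv-U} vulnerability ({CVE-2021-35211}) for initial access},
  date         = {2021-11-08},
  organization = {nccgroup},
  url          = {https://blog.fox-it.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/},
  language     = {English},
  urldate      = {2021-11-09},
}
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access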
2021-11-08NCC GroupRIFT: Research and Intelligence Fusion Team
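% NCC Group research-blog copy of the TA505 / Serv-U (CVE-2021-35211) initial-access write-up.
% The team name contains the word "and": without the outer braces it is split into two authors.
% The same title and date are also listed under key it:20211108:ta505:6ac8d13 (blog.fox-it.com).
@online{team:20211108:ta505:5a3c385,
  author       = {{RIFT: Research and Intelligence Fusion Team}},
  title        = {{TA505} exploits {SolarWinds} {Serv-U} vulnerability ({CVE-2021-35211}) for initial access},
  date         = {2021-11-08},
  organization = {NCC Group},
  url          = {https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/},
  language     = {English},
  urldate      = {2021-11-09},
}
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access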
2021-10-22Medium JangJang
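% Medium post on SolarWinds Orion deserialization, part 1.
% The listed title carried an en dash inside the CVE identifier; the title field uses ASCII
% hyphens, matching the URL slug ("cve-2021-35215"), so a search for the CVE id finds this entry.
@online{jang:20211022:50:28a6ec4,
  author       = {Jang},
  title        = {50 Shades of {SolarWinds} {Orion} Deserialization (Part 1: {CVE-2021-35215})},
  date         = {2021-10-22},
  organization = {Medium Jang},
  url          = {https://testbnull.medium.com/50-shades-of-solarwinds-orion-deserialization-part-1-cve-2021-35215-2e5764e0e4f2},
  language     = {English},
  urldate      = {2021-10-26},
}
50 Shades of SolarWinds Orion Deserialization (Part 1: CVE-2021–35215)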
2021-10-21CrowdStrikeAlex Clinton, Tasha Robinson
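% CrowdStrike post on the response to a SolarWinds Serv-U exploit campaign.
% Authors are in "Last, First" form; the curly apostrophe is written as ASCII ' so the entry
% also compiles under 8-bit BibTeX.
@online{clinton:20211021:stopping:3c26152,
  author       = {Clinton, Alex and Robinson, Tasha},
  title        = {Stopping {GRACEFUL SPIDER}: {Falcon Complete}'s Fast Response to Recent {SolarWinds} {Serv-U} Exploit Campaign},
  date         = {2021-10-21},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-solarwinds-serv-u-exploit-campaign/},
  language     = {English},
  urldate      = {2021-11-02},
}
Stopping GRACEFUL SPIDER: Falcon Complete’s Fast Response to Recent SolarWinds Serv-U Exploit Campaign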
Cobalt Strike FlawedGrace TinyMet
2021-09-29Kaspersky LabsIvan Kwiatkowski, Pierre Delcher
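% Securelist (Kaspersky) article on the Tomiris connection to DarkHalo.
% Actor and malware names in the title are braced so a sentence-casing style keeps their capitalisation.
@online{kwiatkowski:20210929:darkhalo:d81f7d2,
  author       = {Kwiatkowski, Ivan and Delcher, Pierre},
  title        = {{DarkHalo} after {SolarWinds}: the {Tomiris} connection ({UNC2849})},
  date         = {2021-09-29},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/},
  language     = {English},
  urldate      = {2021-11-30},
}
DarkHalo after SolarWinds: the Tomiris connection (UNC2849)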
tomiris
2021-09-02Bleeping ComputerSergiu Gatlan
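% Bleeping Computer news report on Autodesk being targeted in the SolarWinds campaign.
% This is press coverage, not a primary technical analysis.
@online{gatlan:20210902:autodesk:a947f3f,
  author       = {Gatlan, Sergiu},
  title        = {{Autodesk} reveals it was targeted by {Russian} {SolarWinds} hackers},
  date         = {2021-09-02},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/autodesk-reveals-it-was-targeted-by-russian-solarwinds-hackers/},
  language     = {English},
  urldate      = {2021-09-06},
}
Autodesk reveals it was targeted by Russian SolarWinds hackers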
SUNBURST
2021-09-02MicrosoftMicrosoft Offensive Research & Security Engineering team
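% Microsoft security-blog analysis of the SolarWinds Serv-U SSH vulnerability (DEV-0322).
% The team name is a corporate author (outer braces), and the bare ampersand is escaped:
% an unescaped & in a field breaks the LaTeX run when the bibliography is typeset.
@online{team:20210902:deepdive:fe91071,
  author       = {{Microsoft Offensive Research \& Security Engineering team}},
  title        = {A deep-dive into the {SolarWinds} {Serv-U} {SSH} vulnerability ({DEV-0322})},
  date         = {2021-09-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/},
  language     = {English},
  urldate      = {2021-09-06},
}
A deep-dive into the SolarWinds Serv-U SSH vulnerability (DEV-0322)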
2021-07-30Bleeping ComputerSergiu Gatlan
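% Bleeping Computer news report on the DOJ statement about breached US Attorneys' office mailboxes.
% The curly apostrophe is written as ASCII ' so the entry also compiles under 8-bit BibTeX.
@online{gatlan:20210730:doj:27f36c0,
  author       = {Gatlan, Sergiu},
  title        = {{DOJ}: {SolarWinds} hackers breached emails from 27 {US Attorneys}' offices},
  date         = {2021-07-30},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/doj-solarwinds-hackers-breached-emails-from-27-us-attorneys-offices/},
  language     = {English},
  urldate      = {2021-08-02},
}
DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices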
2021-07-13YouTube ( Matt Soseman)Matt Soseman
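% YouTube video by Matt Soseman; the title keeps the "Solarwinds" spelling shown in the listing.
% The stray space inside the organization's parentheses is removed.
@online{soseman:20210713:solarwinds:cb7df1d,
  author       = {Soseman, Matt},
  title        = {{Solarwinds} and {SUNBURST} attacks compromised my lab!},
  date         = {2021-07-13},
  organization = {YouTube (Matt Soseman)},
  url          = {https://www.youtube.com/watch?v=GfbxHy6xnbA},
  language     = {English},
  urldate      = {2021-07-21},
}
Solarwinds and SUNBURST attacks compromised my lab!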
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-07-13MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
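% MSTIC post on DEV-0322 targeting SolarWinds Serv-U with a 0-day exploit.
% The corporate author is double-braced so the name is not split into given/family parts.
@online{mstic:20210713:microsoft:5394367,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Microsoft} discovers threat actor ({DEV-0322}) targeting {SolarWinds} {Serv-U} software with 0-day exploit},
  date         = {2021-07-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/},
  language     = {English},
  urldate      = {2021-07-20},
}
Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit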
2021-07-12Bleeping ComputerSergiu Gatlan
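% Bleeping Computer news report on the Serv-U patch for CVE-2021-35211.
% The CVE id is braced so a sentence-casing style cannot lowercase it.
@online{gatlan:20210712:solarwinds:5f00d9a,
  author       = {Gatlan, Sergiu},
  title        = {{SolarWinds} patches critical {Serv-U} vulnerability ({CVE-2021-35211}) exploited in the wild},
  date         = {2021-07-12},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-serv-u-vulnerability-exploited-in-the-wild/},
  language     = {English},
  urldate      = {2021-07-20},
}
SolarWinds patches critical Serv-U vulnerability (CVE-2021-35211) exploited in the wild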
2021-06-01SANSKevin Haley, Jake Williams
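% SANS webcast (URL path "/webcasts/"); authors are in "Last, First" form.
@online{haley:20210601:contrarian:6aff18c,
  author       = {Haley, Kevin and Williams, Jake},
  title        = {A Contrarian View on {SolarWinds}},
  date         = {2021-06-01},
  organization = {SANS},
  url          = {https://www.sans.org/webcasts/contrarian-view-solarwinds-119515},
  language     = {English},
  urldate      = {2021-06-21},
}
A Contrarian View on SolarWinds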
Cobalt Strike Raindrop SUNBURST TEARDROP
2021-05-19The RecordAdam Janofsky
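% The Record news report; the title revises the campaign's possible start to January 2019,
% which matters when scoping log retention for retrospective hunting.
@online{janofsky:20210519:solarwinds:5c31adf,
  author       = {Janofsky, Adam},
  title        = {{SolarWinds} {CEO} apologizes for blaming an intern, says attack may have started in {January} 2019},
  date         = {2021-05-19},
  organization = {The Record},
  url          = {https://therecord.media/solarwinds-ceo-apologizes-for-blaming-an-intern-says-attack-may-have-started-in-january-2019/},
  language     = {English},
  urldate      = {2021-05-26},
}
SolarWinds CEO apologizes for blaming an intern, says attack may have started in January 2019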
2021-05-14CISAUS-CERT
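% CISA / US-CERT analysis report AR21-134A: eviction guidance for affected networks.
% The report id and product names are braced so they survive sentence-casing styles.
@online{uscert:20210514:analysis:f0b767a,
  author       = {{US-CERT}},
  title        = {Analysis Report ({AR21-134A}): Eviction Guidance for Networks Affected by the {SolarWinds} and {Active Directory}/{M365} Compromise},
  date         = {2021-05-14},
  organization = {CISA},
  url          = {https://us-cert.cisa.gov/ncas/analysis-reports/ar21-134a},
  language     = {English},
  urldate      = {2021-07-19},
}
Analysis Report (AR21-134A): Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise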
SUNBURST
2021-05-08The RecordCatalin Cimpanu
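% The Record news report on the vendor's own estimate of impacted customers.
% Treat the figure as the vendor's statement, not an independent count.
@online{cimpanu:20210508:solarwinds:501c002,
  author       = {Cimpanu, Catalin},
  title        = {{SolarWinds} says fewer than 100 customers were impacted by supply chain attack},
  date         = {2021-05-08},
  organization = {The Record},
  url          = {https://therecord.media/solarwinds-says-fewer-than-100-customers-were-impacted-by-supply-chain-attack},
  language     = {English},
  urldate      = {2021-05-11},
}
SolarWinds says fewer than 100 customers were impacted by supply chain attack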
SUNBURST
2021-05-07SolarWindsSolarwind
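% Vendor update on the cyberattack; the URL points at a filing hosted on sec.gov (EDGAR archive path).
% The author was listed as "Solarwind"; it is spelled to match the organization field and braced
% as a corporate name. The citation key is left unchanged so existing citations still resolve.
@online{solarwind:20210507:investigative:54c699d,
  author       = {{SolarWinds}},
  title        = {An Investigative Update of the Cyberattack},
  date         = {2021-05-07},
  organization = {SolarWinds},
  url          = {https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000173994221000076/swi-20210507.htm},
  language     = {English},
  urldate      = {2021-05-11},
}
An Investigative Update of the Cyberattack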
SUNBURST
2021-04-22RiskIQRiskIQ
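% RiskIQ community article on the SolarWinds campaign; the corporate author is double-braced.
@online{riskiq:20210422:solarwinds:83581ea,
  author       = {{RiskIQ}},
  title        = {{SolarWinds}: Advancing the Story},
  date         = {2021-04-22},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/9a515637},
  language     = {English},
  urldate      = {2021-04-28},
}
SolarWinds: Advancing the Story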
SUNBURST
2021-04-16nprDina Temple-Raston
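% NPR long-form report on the SolarWinds intrusion.
% The quoted phrase uses LaTeX opening/closing quote marks so both sides typeset correctly.
@online{templeraston:20210416:worst:4086d6c,
  author       = {Temple-Raston, Dina},
  title        = {A {`Worst Nightmare'} Cyberattack: The Untold Story Of The {SolarWinds} Hack},
  date         = {2021-04-16},
  organization = {npr},
  url          = {https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack},
  language     = {English},
  urldate      = {2021-04-19},
}
A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack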
2021-04-15European CouncilCouncil of the European Union
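% EU Council press release: declaration of solidarity with the United States over the SolarWinds operation.
% The institutional author is double-braced; otherwise "of the" is parsed as a name particle
% and the entry sorts and abbreviates as if it were a person.
@online{union:20210415:declaration:f535296,
  author       = {{Council of the European Union}},
  title        = {Declaration by the {High Representative} on behalf of the {European Union} expressing solidarity with the {United States} on the impact of the {SolarWinds} cyber operation},
  date         = {2021-04-15},
  organization = {European Council},
  url          = {https://www.consilium.europa.eu/en/press/press-releases/2021/04/15/declaration-by-the-high-representative-on-behalf-of-the-european-union-expressing-solidarity-with-the-united-states-on-the-impact-of-the-solarwinds-cyber-operation},
  language     = {English},
  urldate      = {2021-04-16},
}
Declaration by the High Representative on behalf of the European Union expressing solidarity with the United States on the impact of the SolarWinds cyber operation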
SUNBURST