TTCSIRT-3188.8.131.52: TTCSIRT ADVISORY – SUNBURST BACKDOOR
FireEye has uncovered a widespread campaign that they are tracking as UNC2452.
The actors behind this campaign gained access to numerous public and private organizations around the world.
They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software.
FireEye stated that this campaign may have begun as early as Spring 2020 and is currently ongoing.
Post-compromise activity following this supply chain compromise has included lateral movement and data theft.
The campaign is the work of a highly skilled actor, and the operation was conducted with significant operational security.
For more insight into this vulnerability and the current mitigation instructions, please follow the link below:
The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates.