Customers are advised to assess both intellectual property protection and supply chain integrity strategies. Part one of this blog series details initial McAfee defensive guidance and response actions. Part two will describe additional mitigation and solution recommendations. For the latest information on McAfee see KB and subscribe to receive updates. Below is a protection summary to date for the known backdoor indicators.
McAfee Labs will continue analysis for any known indicators associated with this attack and update product protection accordingly. Analysis of the campaign's behavioural components is also underway, to ensure product efficacy considers protection beyond static measures such as signatures. The indicators will continue to be updated based on automated collection and human analysis.
You can use the indicators to hunt on your network.
It's a godsend, the relationship we're making with Sunburst. I'm looking to expand what we do and how we teach with many other educational tools offered by Sunburst to give the students hands-on, practical experience learning twenty-first century computer skills and computational thinking.
Leland, Technology Coordinator at St. Digital Learning Solutions for K Sunburst Digital has connected educators with supplemental instructional technology and digital education solutions for three decades.
Research published by Kaspersky discovered that several of the features in Sunburst overlap with Kazuar. You can read the details of the connections between Sunburst and Kazuar here. The Cybersecurity and Infrastructure Security Agency (CISA) has provided a regularly updated cybersecurity advisory on how to handle potential compromises associated with the SolarWinds outbreak, which can be found here.
This advisory was released on December 17th and applies to government agencies, critical infrastructure, and private sector organizations.
It provides regular updates on the investigation, mitigation guidance, indicators of compromise, and more. The effects of the SolarWinds breach have been extensive. Symantec, who also analyzed the attack, identified the trojanized software updates on over 2, computers at more than customers.
Fortunately, one killswitch has been identified and activated for one of the pieces of malware used by the threat actors as part of their attack. It has been found that the IP address that Sunburst communicates with resolves to the domain avsmcloud.