RT @craiu@twitter.com
Now that an x64 TEARDROP sample became available (6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d), it should be easier to link to older and parallel activity, which eventually will lead to connecting #UNC2452 #DarkHalo to known actor(s).
RT @craiu@twitter.com
We are releasing some new findings in the #Solarwinds #Sunburst #darkhalo #unc2452 story. Our analysis plus an open-source tool that decodes and matches the UIDs from the CNAME records against publicly available pDNS data: https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
#UNC2452 #sunburst #darkhalo #solarwinds