Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims - Examining the backdoor's DNS communications led researchers to find a government agency and a big ... https://threatpost.com/sunburst-c2-secrets-rsolarwinds-victims/162426/ #criticalinfrastructure #furtherexploitation #dnscommunications #technicalanalysis #governmentagency #vulnerabilities #cyberespionage #cloudsecurity #second-stage #websecurity #government #solarwinds #solorigate #kaspersky #backdoor #darkhalo #sunburst
RT @craiu@twitter.com
Now that an x64 TEARDROP sample became available (6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d), it should be easier to link to older and parallel activity, which eventually will lead to connecting #UNC2452 #DarkHalo to known actor(s).
RT @craiu@twitter.com
We are releasing some new findings in the #Solarwinds #Sunburst #darkhalo #unc2452 story. Our analysis plus an open-source tool that decodes and matches the UIDs from the CNAME records against publicly available pDNS data: https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/