FireEye:- Sunburst Attack – Risk Assessment

Background

A quick personal read of FireEye's recent disclosure of the network security attack (Sunburst) and the risks it highlights.


Lineage

  1. FireEye:- Sunburst Attack
    Link

Assessment

A quick assessment of the FireEye Sunburst attack, broken down by targets, tooling, what was compromised, suspects, and timeline.

  1. Highly Targeted – Software Companies
    • Software Security Companies
      • FireEye
      • SolarWinds
    • Email Provider
      • Microsoft, specifically Microsoft Exchange
  2. Highly Targeted – Individuals
    • Government Employees
    • Policy Makers
    • Decision Curators
    • Publicly traded companies
      • C-Level executives
    • Computer Network Security Companies
  3. Tooling
    • FireEye
      • Kevin Mandia ( Operational Activities ) [ Link ]
        • Use of malicious SolarWinds update: Inserting malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim’s environment
        • Light malware footprint: Using limited malware to accomplish the mission while avoiding detection
        • Prioritization of stealth: Going to significant lengths to observe and blend into normal network activity
        • High OPSEC: Patiently conducting reconnaissance, consistently covering their tracks, and using difficult-to-attribute tools
      • Kevin Mandia ( Targeted ) [ Link ]
        • These compromises are not self-propagating; each of the attacks requires meticulous planning and manual interaction.
  4. Compromised
    • Target
      • Intellectual Property ( IP )
      • Email Correspondences
      • Network
    • Security
      • Two-Factor Authentication
        • Duo
    • Software Companies
      • Application Source Code
        • Supply Chain Compromise
  5. Suspects
    • Nation-State Cyber Actors
  6. Timeline
    • Started:- 2020 Spring
    • Discovered:- 2020 December


Notable Mentions

  1. FireEye
    • Executives
      • Kevin Mandia ( CEO )
      • Charles Carmakal
        • Corporate:- Mandiant, FireEye’s incident response arm
        • Position:- Senior vice president ( SVP ) and chief technology officer ( CTO )
    • Number of Employees:- 3200
    • Location:- Milpitas, California
    • Annual Revenue:- 1 billion
