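U.S. CISA has launched a website and is offering a free verification tool, stating that attackers have compromised the SolarWinds Orion software supply chain and are broadly abusing commonly used authentication mechanisms...
Hello, this is Mitsuhiko Maruyama.
U.S. CISA has launched a website and is offering a free verification tool, stating that attackers have compromised the SolarWinds Orion software supply chain and are broadly abusing commonly used authentication mechanisms...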
● CISA - SUPPLY CHAIN COMPROMISE
ALERT: APT Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
● Emergency Directive and its updates -DHS-
・2020.12.30 Emergency Directive 21-01 - Supplemental Guidance v2 - Mitigate SolarWinds Orion Code Compromise
・2020.12.18 Emergency Directive 21-01 - Supplemental Guidance v1 - Mitigate SolarWinds Orion Code Compromise
・2020.12.13 Emergency Directive 21-01 - Mitigate SolarWinds Orion Code Compromise
● Press releases -CISA-
● Alerts and guidance
・2020.12.24 CISA Releases Free Detection Tool for Azure/M365 Environment
・・(/Sparrow)
・CISA Insights: What Every Leader Needs to Know About the Ongoing Cyber Incident
- NSA Cybersecurity Advisory: Detecting Abuse of Authentication Mechanisms
- This NSA cybersecurity advisory describes tactics, techniques, and procedures used by malicious cyber actors to access protected data in the cloud and provides guidance on defending against and detecting such activity.
- SolarWinds Security Advisory
- This SolarWinds advisory describes the cyberattack on their system that inserted the SUNBURST vulnerability within the Orion Platform software builds, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run.
- FireEye Advisory: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
- This FireEye advisory addresses the supply chain attack trojanizing SolarWinds Orion Business software updates in order to distribute malware referred to as “SUNBURST.”
- FireEye GitHub Page: Sunburst Countermeasures
- The FireEye GitHub repository provides rules in multiple languages (Snort, Yara, IOC, ClamAV) to detect the threat actor and supply chain attacks in the wild.