
Sharyl Attkisson

Untouchable Subjects. Fearless, Nonpartisan Reporting.


READ: FireEye cybersecurity company describes mysterious international hacking by "highly evasive attacker"

Dated: December 14, 2020 by Sharyl Attkisson 5 Comments

  • "Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor"
  • "Trojanized" SolarWinds software used to conduct attacks
  • According to an analyst, Dominion Voting Systems used a "FILE SHARE System... hosted on A SolarWinds Orion Network"
  • "This campaign may have begun as early as Spring 2020 and is currently ongoing"
https://dvsfileshare.dominionvoting.com/Web%20Client/Mobile/MLogin.htm

FireEye, a California-based cybersecurity firm, has produced an in-depth analysis of the international hacking attacks that used SolarWinds, software relied on by U.S. government agencies and private companies worldwide.

Backdoor methods were used to enter systems remotely.

After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer and execute files, profile the system, and disable system services. The backdoor’s behavior and network protocol blend in with legitimate SolarWinds activity, such as by masquerading as the Orion Improvement Program (OIP) protocol and storing reconnaissance results within plugin configuration files. The backdoor uses multiple blocklists to identify forensic and anti-virus tools via processes, services, and drivers... Hidden in plain sight, the class SolarWinds.Orion.Core.BusinessLayer.OrionImprovementBusinessLayer implements an HTTP-based backdoor...

FireEye analysis

Read SolarWinds security alert

Read alert from federal Cybersecurity and Infrastructure Security Agency

According to SolarWinds, its customer list includes more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions.

"Our customer list includes:

More than 425 of the US Fortune 500

All ten of the top ten US telecommunications companies

All five branches of the US Military

The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States

All five of the top five US accounting firms

Hundreds of universities and colleges worldwide"

Executive Summary

  • We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452.
  • FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. 
  • The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.
  • The campaign is widespread, affecting public and private organizations around the world.
  • FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. FireEye products and services can help customers detect and block this attack.

Summary

FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds' Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security. (Continued...)

Read the full report here.


About Sharyl Attkisson

Emmy-Award Winning Investigative Journalist, New York Times Best Selling Author, Host of Sinclair's Full Measure

Comments

  1. Glenn Coplin says

    December 14, 2020 at 12:18 pm

    I believe in President Trump and the United States of America, We the People not We the Politicians. God Bless America.

  2. Linda Krok says

    December 14, 2020 at 1:22 pm

    Oh CRUD!!!!

  3. Milly Vanilly says

    December 14, 2020 at 6:11 pm

    If the code is in mandarin, that should be a clue. Biden & MANY other demwwit marxist 'politicians' have been tripping over each other to SELL all our techware to the Chinese & highest bidders, WHY should this be a surprise?
    The ones to EXAMINE more closely would be the Bidens, Pelosi, Kerry, Schiffly, Romney (the RINO) & Clinton, of course THAT will NEVER happen because our 'trustworthy' CIA will PROTECT them.

  4. Julian Hudson says

    December 14, 2020 at 8:11 pm

    I find it very peculiar that the news reporters who vehemently and religiously deny that there are any signs of tampering with the 2020 election are not as derisive of the government agencies who today have claimed that they are the unwitting victims of computer malware attacks.
    They are demanding that they be provided the evidence. They accept the government claims prima facie. But when it comes to voter fraud they are deadly silent. It's unproven speculation and damaging to Western democracy.

  5. Perry J. Hayden Jr. says

    December 15, 2020 at 10:50 am

    Sharyl Attkisson, I am grateful for your wonderful, accurate, legitimate reporting of true facts. A rare quality these days!
