https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/
https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise
https://www.gov.uk/government/news/russia-uk-and-us-expose-global-campaigns-of-malign-activity-by-russian-intelligence-services
- Breach Investigation
- Remediation & Hardening
- Solorigate Resources Center 🧭 READ FIRST
- Breach Investigation
- Advisory
- Guidance & Best Practices
- Detection
  - cf. Hunting / Detection
- Hardening
- Policy
- CrowdStrike
  - cf. CrowdStrike Reporting Tool for Azure blog post
- https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714
- https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach
- https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2451159/nsa-cybersecurity-advisory-malicious-actors-abuse-authentication-mechanisms-to/
- https://us-cert.cisa.gov/ncas/current-activity/2021/03/17/ttp-table-detecting-apt-activity-related-solarwinds-and-active
- https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
- FireEye
- Microsoft
- McAfee
- CadoSecurity
- SentinelOne
- Truesec
- ReversingLabs
- Prevasio
- GuidePoint Security
- RedDrip Team, QiAnXin Technology
- Netresec
- Symantec
- Kaspersky
- « do not infect » domain hashes
- DNS Infrastructure
- Kaspersky
- Netresec
- Cloudflare
- RedDrip Team, QiAnXin Technology
- DomainTools
- Prevasio
- « DGA » Decoder
- RedDrip Team, QiAnXin Technology
- igosha
- Symantec
- VriesHD
- FNV-1a-XOR Hashes
- Deobfuscated RE
- Symantec
- CheckPoint
- PaloAltoNetworks
- Microsoft
- Symantec
- Microsoft
  - Microsoft
- Microsoft
- FireEye
- CISA