SolarWinds Supply Chain Attack Resource Hub

Keep up-to-date with the latest analysis, insights and recommendations.

UPDATE 1/8/21

The Latest on the SolarWinds Breach

The intent of this analysis is to aggregate the widely distributed information being shared and to provide insights and recommendations.

As we continue to learn more about the recent SolarWinds supply chain attack, GuidePoint Security continues to gather and distill the information for consumption. Currently, our team is tracking the group designated by FireEye as UNC2452, which is linked to the actor tracked by the Volexity team as Dark Halo.

THREAT ADVISORY

SUPERNOVA SolarWinds .NET Webshell Analysis

The recently announced supply-chain compromise of SolarWinds and FireEye brought to light many of the threats observed during that investigation, with particular focus placed on the SUNBURST SolarWinds Orion implant, the memory-resident TEARDROP malware dropper, and the use of Cobalt Strike's BEACON module. However, among the IOCs listed by FireEye as part of this investigation, a .NET webshell named SUPERNOVA was identified with no supplemental analysis of its method of operation or of any behavioral indications that this webshell is present in an environment.

DFIR Service Offerings

We are Here to Help

Our Digital Forensics and Incident Response team is tracking this breach to ensure we continue to provide the most useful and timely insights and analysis.

Threat Hunting and Discovery Analysis

We hunt across your environment to identify anomalous and suspicious behaviors and to determine whether any ongoing threats are present, including targeted threat actor activity that may have gone unnoticed or unidentified.

IR Retainer

Our team of incident responders is readily available to address escalations for potential security incidents, assist with investigative analysis, and conduct forensic investigations involving the potential compromise of sensitive data or critical information assets.

IR Services

We can help you quickly investigate and understand the full scope of an incident to develop a comprehensive remediation strategy that effectively addresses both the current threat and future incidents.

Incident Response Enablement

We ensure that your incident responders, threat hunters, and other SOC personnel have exposure to real-world threats and are equipped with the capabilities needed to identify and effectively respond to incidents.

Certifications

Put an ELITE Highly-Trained Team on Your Side

More than 70% of our workforce consists of tenured cybersecurity engineers, architects, and consultants.