
FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. FireEye products and services can help customers detect and block this attack.
FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. The campaign is widespread, affecting public and private organizations around the world.
The attacker’s post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.
We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. UPDATE (May 2022): We have merged UNC2452 with APT29. The UNC2452 activity described in this post is now attributed to APT29.