{"id":1360,"date":"2021-01-25T10:03:57","date_gmt":"2021-01-25T17:03:57","guid":{"rendered":"https:\/\/www.karlstechnology.com\/blog\/?p=1360"},"modified":"2021-01-25T10:03:58","modified_gmt":"2021-01-25T17:03:58","slug":"attack-on-solarwinds-turns-to-malwarebytes","status":"publish","type":"post","link":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/","title":{"rendered":"Attack on SolarWinds Turns to Malwarebytes"},"content":{"rendered":"\n<p>It seems as though we have not seen the last of the attacker, who on December 14th, 2020, breached the Orion platform in SolarWinds software. <\/p>\n\n\n\n<p>According to <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2021\/01\/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments\/\">Malwarebytes<\/a>:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>&#8220;We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.&#8221;<\/p><\/blockquote>\n\n\n\n<p>Malwarebytes is a trusted name in cybersecurity. Although they do not utilize SolarWinds software in their company, they and other companies like Microsoft have been affected by it. 
They thank security companies such as CrowdStrike and FireEye for their efforts in publicly and vividly recounting the attacks in hopes of avoiding further issues.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"537\" src=\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-6-1024x537.png\" alt=\"\" class=\"wp-image-574\" srcset=\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-6-1024x537.png 1024w, https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-6-300x157.png 300w, https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-6-768x403.png 768w, https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-6-624x327.png 624w, https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-6.png 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>CrowdStrike shared that the malware coming from the activity it calls StellarParticle included SUNSPOT. SUNSPOT had been added to certain software builds (such as SolarWinds) as a backdoor. It then acted discreetly while replacing different source files with malware. <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>&#8220;The design of SUNSPOT suggests StellarParticle developers invested a lot of effort to ensure the code was properly inserted and remained undetected, and prioritized operational security to avoid revealing their presence in the build environment to SolarWinds developers.&#8221;<\/p><cite>Source: <a href=\"https:\/\/www.crowdstrike.com\/blog\/sunspot-malware-technical-analysis\/\">CrowdStrike<\/a><\/cite><\/blockquote>\n\n\n\n<p>For help with computer security issues, call us at\u00a0<a href=\"tel:1-800-620-5285\">1-800-620-5285<\/a>. \u00a0Karls Technology is a nationwide computer service company with offices in many major cities. 
This blog post was brought to you from our staff at the\u00a0<a href=\"https:\/\/www.karlstechnology.com\/computer-repair-denver-co\/\">Denver Computer Repair Service<\/a>. If you need computer repair in Denver, CO please call or text the local office at\u00a0<a href=\"tel:720-441-6460\">(720) 441-6460<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It seems as though we have not seen the last of the attacker, who on December 14th, 2020, breached the Orion platform in SolarWinds software. According to Malwarebytes: &#8220;We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive [&hellip;]<\/p>\n","protected":false},"author":22392,"featured_media":579,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1360","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computerrepair"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Attack on SolarWinds Turns to Malwarebytes - Computer Repair Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attack on SolarWinds Turns to Malwarebytes - Computer Repair Blog\" \/>\n<meta property=\"og:description\" content=\"It seems as though we have not seen the last of the attacker, who on December 14th, 2020, breached the Orion platform in SolarWinds software. 
According to Malwarebytes: &#8220;We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\" \/>\n<meta property=\"og:site_name\" content=\"Computer Repair Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/karlstechnology\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-25T17:03:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-25T17:03:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"629\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristin Willis\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristin Willis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\"},\"author\":{\"name\":\"Kristin Willis\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/person\/bc979de85e31552def2c5917dfc51b2d\"},\"headline\":\"Attack on SolarWinds Turns to Malwarebytes\",\"datePublished\":\"2021-01-25T17:03:57+00:00\",\"dateModified\":\"2021-01-25T17:03:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\"},\"wordCount\":279,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png\",\"articleSection\":[\"Computer Repair\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\",\"url\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\",\"name\":\"Attack on SolarWinds Turns to Malwarebytes - Computer Repair 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png\",\"datePublished\":\"2021-01-25T17:03:57+00:00\",\"dateModified\":\"2021-01-25T17:03:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage\",\"url\":\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png\",\"contentUrl\":\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png\",\"width\":1200,\"height\":629},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.karlstechnology.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attack on SolarWinds Turns to Malwarebytes\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#website\",\"url\":\"https:\/\/www.karlstechnology.com\/blog\/\",\"name\":\"Computer Repair Blog\",\"description\":\"Karls Technology Computer 
Repair\",\"publisher\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.karlstechnology.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#organization\",\"name\":\"Karls Technology\",\"url\":\"https:\/\/www.karlstechnology.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/04\/karlstechnology.png\",\"contentUrl\":\"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/04\/karlstechnology.png\",\"width\":800,\"height\":99,\"caption\":\"Karls Technology\"},\"image\":{\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/karlstechnology\",\"https:\/\/x.com\/karlstechnology\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/person\/bc979de85e31552def2c5917dfc51b2d\",\"name\":\"Kristin Willis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9274e0fd36a71af1da9f3c53500479b6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9274e0fd36a71af1da9f3c53500479b6?s=96&d=mm&r=g\",\"caption\":\"Kristin Willis\"},\"sameAs\":[\"https:\/\/www.karlstechnology.com\"],\"url\":\"https:\/\/www.karlstechnology.com\/blog\/author\/kristin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Attack on SolarWinds Turns to Malwarebytes - Computer Repair Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/","og_locale":"en_US","og_type":"article","og_title":"Attack on SolarWinds Turns to Malwarebytes - Computer Repair Blog","og_description":"It seems as though we have not seen the last of the attacker, who on December 14th, 2020, breached the Orion platform in SolarWinds software. According to Malwarebytes: &#8220;We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive [&hellip;]","og_url":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/","og_site_name":"Computer Repair Blog","article_publisher":"https:\/\/www.facebook.com\/karlstechnology","article_published_time":"2021-01-25T17:03:57+00:00","article_modified_time":"2021-01-25T17:03:58+00:00","og_image":[{"width":1200,"height":629,"url":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png","type":"image\/png"}],"author":"Kristin Willis","twitter_misc":{"Written by":"Kristin Willis","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#article","isPartOf":{"@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/"},"author":{"name":"Kristin Willis","@id":"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/person\/bc979de85e31552def2c5917dfc51b2d"},"headline":"Attack on SolarWinds Turns to Malwarebytes","datePublished":"2021-01-25T17:03:57+00:00","dateModified":"2021-01-25T17:03:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/"},"wordCount":279,"commentCount":0,"publisher":{"@id":"https:\/\/www.karlstechnology.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png","articleSection":["Computer Repair"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/","url":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/","name":"Attack on SolarWinds Turns to Malwarebytes - Computer Repair 
Blog","isPartOf":{"@id":"https:\/\/www.karlstechnology.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage"},"image":{"@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png","datePublished":"2021-01-25T17:03:57+00:00","dateModified":"2021-01-25T17:03:58+00:00","breadcrumb":{"@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#primaryimage","url":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png","contentUrl":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/08\/My-Post-7.png","width":1200,"height":629},{"@type":"BreadcrumbList","@id":"https:\/\/www.karlstechnology.com\/blog\/attack-on-solarwinds-turns-to-malwarebytes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.karlstechnology.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Attack on SolarWinds Turns to Malwarebytes"}]},{"@type":"WebSite","@id":"https:\/\/www.karlstechnology.com\/blog\/#website","url":"https:\/\/www.karlstechnology.com\/blog\/","name":"Computer Repair Blog","description":"Karls Technology Computer Repair","publisher":{"@id":"https:\/\/www.karlstechnology.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.karlstechnology.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.karlstechnology.com\/blog\/#organization","name":"Karls Technology","url":"https:\/\/www.karlstechnology.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/04\/karlstechnology.png","contentUrl":"https:\/\/www.karlstechnology.com\/blog\/wp-content\/uploads\/2019\/04\/karlstechnology.png","width":800,"height":99,"caption":"Karls Technology"},"image":{"@id":"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/karlstechnology","https:\/\/x.com\/karlstechnology"]},{"@type":"Person","@id":"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/person\/bc979de85e31552def2c5917dfc51b2d","name":"Kristin Willis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.karlstechnology.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9274e0fd36a71af1da9f3c53500479b6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9274e0fd36a71af1da9f3c53500479b6?s=96&d=mm&r=g","caption":"Kristin 
Willis"},"sameAs":["https:\/\/www.karlstechnology.com"],"url":"https:\/\/www.karlstechnology.com\/blog\/author\/kristin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/posts\/1360"}],"collection":[{"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/users\/22392"}],"replies":[{"embeddable":true,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/comments?post=1360"}],"version-history":[{"count":1,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/posts\/1360\/revisions"}],"predecessor-version":[{"id":1361,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/posts\/1360\/revisions\/1361"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/media\/579"}],"wp:attachment":[{"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/media?parent=1360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/categories?post=1360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.karlstechnology.com\/blog\/wp-json\/wp\/v2\/tags?post=1360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}