NCL 05: Inside SUNBURST: The SolarWinds Supply-Chain Attack

Last month, a global state-sponsored cyber attack hit thousands of businesses and government agencies; the attack was due to a trojanized version of SolarWinds Orion product update. The malicious code has been dubbed SUNBURST and it possesses extraordinary command-and-control features with evasion capabilities.

In this session of the Navigating the Cyber Land webinar series, we will go through the technical details of this nefarious attack. We will start with describing the initial discovery of it along with estimated and reported impact. Then, we will talk about how the backdoor technically behaves and the tactics it performs to evade detection and/or sandbox analysis. Finally, we will review the best countermeasures against it and the lessons we can learn from such an attack.

The webinar will be technical in nature; and it will benefit both red team and blue team alike.