{"id":38856,"date":"2020-12-23T13:13:00","date_gmt":"2020-12-23T13:13:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/"},"modified":"2020-12-23T13:13:00","modified_gmt":"2020-12-23T13:13:00","slug":"solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/","title":{"rendered":"SolarWinds roundup: Fixes, new bad actors, and what the company knew"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/06\/trojan-horse_malware_virus_binary_by-v-graphix-getty-100799531-large.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The SolarWinds Orion security breach is unfolding at a rapid pace, and the number of vendors and victims continues to grow. Each day brings new revelations as to its reach and depth. Of particular concern are the rate of infection and impact on government systems.<\/p>\n<p>In case you missed it, a backdoor was found in the SolarWinds Orion IT monitoring and management software. A dynamic link library called SolarWinds.Orion.Core.BusinessLayer.dll, a SolarWinds digitally-signed component of the Orion software framework, was found to contain a backdoor that communicates via HTTP to third-party servers.<\/p>\n<aside class=\"fakesidebar\"><a href=\"https:\/\/www.networkworld.com\/newsletters\/signup.html\">[Get regularly scheduled insights by signing up for Network World newsletters.]<\/a><\/aside>\n<p>After an initial dormant period of up to two weeks, the Trojan retrieves and executes commands, called jobs, that include the ability to transfer files, execute files, profile the system, reboot, and disable system services. In short, a total takeover of the machine.<\/p>\n<p>The malware hides its network traffic in the Orion Improvement Program (OIP) protocol and stores its ill-gotten data within legitimate plugin configuration files, allowing it to blend in with legitimate SolarWinds activity.<\/p>\n<p>SolarWinds has said that less than 18,000 of its 300,000 customers have downloaded the Trojan, but that&#8217;s still 18,000 too many. Victims reportedly include consulting, technology, telecom, and oil and gas companies around the world as well as US government agencies, such as the Defense, Treasury, and Commerce departments.<\/p>\n<p>The latest victim is Cisco Systems, which found the Orion Trojan on internal systems. &#8220;Following the SolarWinds attack announcement, Cisco Security immediately began our established incident-response processes,&#8221; the company said in a statement.<\/p>\n<aside class=\"nativo-promo nativo-promo-1 smartphone\" id> <\/aside>\n<p>&#8220;We have isolated and removed Orion installations from a small number of lab environments and employee endpoints. At this time, there is no known impact to Cisco products, services, or to any customer data.&#8221;<\/p>\n<p>FireEye and Microsoft were among the first to identify the flaw, and more security experts are digging into it due to SolarWinds\u2019 widespread use.<\/p>\n<aside class=\"nativo-promo nativo-promo-1 tablet desktop\" id> <\/aside>\n<p>One thing is for certain, the final shoe has not dropped yet. Here&#8217;s a roundup of what has emerged in the last few days.<\/p>\n<h2>Killswitch Found<\/h2>\n<p>FireEye first documented the Trojan on December 13 in a <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html\" rel=\"nofollow\">detailed writeup<\/a> on the malware, saying the Orion software could have been compromised as far back as March 2020. FireEye told the security site KrebsOnSecurity that it found a domain that has since been seized by Microsoft and has been reconfigured to act as a killswitch to prevent the malware from continuing to operate in some circumstances.<\/p>\n<p>&#8220;SUNBURST is the malware that was distributed through SolarWinds software. As part of FireEye&#8217;s analysis of SUNBURST, we identified a killswitch that would prevent SUNBURST from continuing to operate,&#8221; the company said in a statement sent to me.<\/p>\n<p>Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution. FireEye collaborated with GoDaddy and Microsoft to deactivate SUNBURST infections.<\/p>\n<aside class=\"nativo-promo nativo-promo-2 tablet desktop smartphone\" id> <\/aside>\n<p>&#8220;This killswitch will affect new and previous SUNBURST infections by disabling SUNBURST deployments that are still beaconing to avsvmcloud[.]com. However, in the intrusions FireEye has seen, this actor moved quickly to establish additional persistent mechanisms to access to victim networks beyond the SUNBURST backdoor. This killswitch will not remove the actor from victim networks where they have established other backdoors. However, it will make it more difficult to for the actor to leverage the previously distributed versions of SUNBURST,&#8221; it added.<\/p>\n<h2>Second Group Found<\/h2>\n<p>Microsoft <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/12\/18\/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect\/\" rel=\"nofollow\">announced<\/a> that a second hacking group had deployed malicious code that affects the Orion software, but this malware, known to researchers as Supernova, is different from the original Trojan because it does not appear to involve a compromise of the supply chain, Microsoft said.<\/p>\n<p>While Russian hackers are suspected to be behind the first Orion software Trojan, Microsoft isn\u2019t sure who is behind this second compromise. &#8220;[T]he investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,&#8221; the Microsoft research team said in a blog post on Friday.<\/p>\n<p>The company noted that Microsoft Defender Antivirus, the default antimalware solution on Windows 10, detects and blocks the malicious DLL and its behaviors. It quarantines malware, even if the process is running.<\/p>\n<h2>They Were Warned Three Years Ago<\/h2>\n<p>A SolarWinds security adviser warned of security risks three years prior to the suspected hack and later quit when he felt the company wasn\u2019t taking him seriously, according to <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2020-12-21\/solarwinds-adviser-warned-of-lax-security-years-before-hack\" rel=\"nofollow\">an article published Monday by Bloomberg<\/a>. Ian Thornton-Trump gave a 23-page PowerPoint presentation to three SolarWinds executives back in 2017 urging them to install a cybersecurity senior director because he thought a major breach was inevitable, the article says.<\/p>\n<p>Thornton-Trump told Bloomberg he resigned from SolarWinds a month after his presentation because he claimed the company wasn&#8217;t interested in making the changes he had suggested to improve cybersecurity. &#8220;My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,&#8221; Thornton-Trump said.<\/p>\n<h2>Insider trading?<\/h2>\n<p>The Washington Post <a href=\"https:\/\/www.washingtonpost.com\/technology\/2020\/12\/15\/solarwinds-russia-breach-stock-trades\/?itid=sf_business-technology\" rel=\"nofollow\">reported<\/a> last week that that top investors in SolarWinds sold millions of dollars in stock in the days before the intrusion was revealed. SolarWinds\u2019s stock price has fallen more than 20 percent in the past few days. The Post cited former enforcement officials at the U.S. Securities and Exchange Commission (SEC) saying the sales were likely to prompt an insider-trading investigation.<\/p>\n<p>Private equity firms Silver Lake and Thoma Bravo, which owned three-quarters of outstanding SolarWinds shares, sold 13 million shares of stock at $21.97, worth $286 million, just one week before the disclosure of the supply-chain vulnerability. The stock closed the following Monday at $16.12. In November, outgoing SolarWinds CEO Kevin Thompson also sold more than $15 million shares, according to the Post.<\/p>\n<p>&#8220;Thoma Bravo and Silver Lake were not aware of this potential cyberattack at SolarWinds prior to entering into a private placement to a single institutional investor on 12\/7,&#8221; the companies said in a joint statement to the Post.<\/p>\n<div class=\"end-note\"> <!-- blx4 #2005 blox4.html --> <\/p>\n<div id class=\"blx blxParticleendnote blxM2005 blox4_html blxC23909\">Join the Network World communities on <a href=\"https:\/\/www.facebook.com\/NetworkWorld\/\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a> and <a href=\"https:\/\/www.linkedin.com\/company\/network-world\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a> to comment on topics that are top of mind. <\/div>\n<\/p><\/div>\n<p> READ MORE <a href=\"https:\/\/www.networkworld.com\/article\/3602090\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\nThe SolarWinds Orion security breach is unfolding at a rapid pace, and the number of vendors and victims continues to grow. Each day brings new revelations as to its reach and depth. Of particular concern are the rate of infection and impact on government systems.In case you missed it, a backdoor was found in the SolarWinds Orion IT monitoring and management software. A dynamic link library called SolarWinds.Orion.Core.BusinessLayer.dll, a SolarWinds digitally-signed component of the Orion software framework, was found to contain a backdoor that communicates via HTTP to third-party servers.[Get regularly scheduled insights by signing up for Network World newsletters.]<br \/>\nAfter an initial dormant period of up to two weeks, the Trojan retrieves and executes commands, called jobs, that include the ability to transfer files, execute files, profile the system, reboot, and disable system services. In short, a total takeover of the machine.To read this article in full, please click here READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":38857,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[806,762,307],"class_list":["post-38856","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-network-management","tag-networking","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SolarWinds roundup: Fixes, new bad actors, and what the company knew 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolarWinds roundup: Fixes, new bad actors, and what the company knew 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-23T13:13:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"SolarWinds roundup: Fixes, new bad actors, and what the company knew\",\"datePublished\":\"2020-12-23T13:13:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/\"},\"wordCount\":1035,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg\",\"keywords\":[\"Network Management\",\"Networking\",\"Security\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/\",\"name\":\"SolarWinds roundup: Fixes, new bad actors, and what the company knew 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg\",\"datePublished\":\"2020-12-23T13:13:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Network Management\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/network-management\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SolarWinds roundup: Fixes, new bad actors, and what the company knew\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SolarWinds roundup: Fixes, new bad actors, and what the company knew 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds roundup: Fixes, new bad actors, and what the company knew 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-12-23T13:13:00+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SolarWinds roundup: Fixes, new bad actors, and what the company knew","datePublished":"2020-12-23T13:13:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/"},"wordCount":1035,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg","keywords":["Network Management","Networking","Security"],"articleSection":["Networkworld"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/","url":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/","name":"SolarWinds roundup: Fixes, new bad actors, and what the company knew 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg","datePublished":"2020-12-23T13:13:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/12\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-roundup-fixes-new-bad-actors-and-what-the-company-knew\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Network Management","item":"https:\/\/www.threatshub.org\/blog\/tag\/network-management\/"},{"@type":"ListItem","position":3,"name":"SolarWinds roundup: Fixes, new bad actors, and what the company knew"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38856"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38856\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/38857"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}