{"id":38900,"date":"2020-12-21T20:40:00","date_gmt":"2020-12-21T20:40:00","guid":{"rendered":"http:\/\/de0e6242-4f22-4b88-aae7-08de5d69aee8"},"modified":"2020-12-21T20:40:00","modified_gmt":"2020-12-21T20:40:00","slug":"partial-lists-of-organizations-infected-with-sunburst-malware-released-online","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/partial-lists-of-organizations-infected-with-sunburst-malware-released-online\/","title":{"rendered":"Partial lists of organizations infected with Sunburst malware released online"},"content":{"rendered":"
\"solar-flare-sunburst.jpg\"<\/span>
<\/span> Image: NASA <\/span><\/figcaption><\/figure>\n

Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware. <\/p>\n

\n

ZDNet Recommends<\/span> <\/h3>\n
\"The<\/span> <\/a> <\/div>\n

The best VPNs for 2021 <\/a> <\/p>\n

VPNs aren’t essential only for securing your unencrypted Wi-Fi connections in coffee shops and airports. Every remote worker should consider a VPN to stay safe online. Here are your top choices for best VPNs in 2020 and how to get set up.<\/p>\n

Read More<\/a> <\/p>\n<\/p><\/div>\n

The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers. <\/p>\n

The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense. <\/p>\n

MediaTek, one of the world’s largest semiconductor companies, is also believed to have been impacted; although, security researchers aren’t 100% on its inclusion on their lists just yet. <\/p>\n

Cracking the Sunburst subdomain mysteries <\/h3>\n

The way security researchers compiled these lists was by reverse-engineering the Sunburst (aka Solorigate) malware. <\/p>\n

For ZDNet readers learning of the Sunburst malware for the first time, this malware was injected inside updates for the SolarWinds Orion app released between March and June 2020. <\/p>\n

The boobytrapped updates planted the Sunburst malware deep inside the internal networks of many companies and government organizations which relied on the Orion app to monitor and keep inventories of internal IT systems. <\/p>\n

<\/section>\n

According to deep-dive reports published last week by Microsoft<\/a>, FireEye<\/a>, McAfee<\/a>, Symantec<\/a>, Kaspersky<\/a>, and US Cybersecurity and Infrastructure Security Agency (CISA<\/a>), on infected systems, the malware would gather information about the victim company’s network, wait 12 to 14 days, and then send the data to a remote command and control server (C&C). <\/p>\n

The hackers \u2014 believed to be a Russian state-sponsored group \u2014 would then analyze the data they received and escalated attacks only on networks that were of interest to their intelligence gathering goals. <\/p>\n

\"solorigate-attack-chain.png\"<\/span>