{"id":40558,"date":"2021-04-22T13:08:16","date_gmt":"2021-04-22T13:08:16","guid":{"rendered":"http:\/\/b02be2d8-c5b6-4c5c-b0a6-0bb9e06f24b1"},"modified":"2021-04-22T13:08:16","modified_gmt":"2021-04-22T13:08:16","slug":"solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/","title":{"rendered":"SolarWinds hack analysis reveals 56% boost in command server footprint"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/hub\/i\/r\/2021\/04\/21\/93001a46-d198-4c6f-be4b-c60b372f2418\/thumbnail\/770x578\/d8f3a69d838440daf58c219d67a9812e\/screenshot-2021-04-21-at-15-00-40.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed.&nbsp;<\/p>\n<p>The catastrophic SolarWinds security incident involved the compromise of the vendor&#8217;s network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/third-malware-strain-discovered-in-solarwinds-supply-chain-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sunspot<\/a>, designed to monitor the SolarWinds build server for Orion assembly, was also found in January by CrowdStrike and is thought to be one of the preliminary tools used to pull off the attack.<\/p>\n<p>In total, an estimated 18,000 companies received the malicious update, with a <a href=\"https:\/\/www.zdnet.com\/article\/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house\/\" target=\"_blank\" rel=\"noopener noreferrer\">smaller number<\/a> of high-profile targets &#8212; including Microsoft, FireEye, and a number of federal government agencies &#8212; being selected for compromise over 
2020.<\/p>\n<p>The White House, together with the UK government, has <a href=\"https:\/\/www.zdnet.com\/article\/solarwinds-us-and-uk-blame-russian-intelligence-service-hackers-for-major-cyber-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">blamed the intrusion<\/a> on state-backed Russian cybercriminals, APT29\/Cozy Bear (campaign tracked as&nbsp;<a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">UNC2452<\/a>).&nbsp;<\/p>\n<p>On Thursday, RiskIQ researchers <a href=\"https:\/\/community.riskiq.com\/article\/9a515637\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">published a report<\/a> on the network infrastructure footprint of SolarWinds-linked cyberattackers, labeling it as &#8220;significantly larger than previously identified.&#8221;<\/p>\n<p>According to the cybersecurity company, the <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-fireeye-confirm-solarwinds-supply-chain-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sunburst\/Solorigate<\/a> backdoor was designed to &#8220;identify, avoid, or disable different security products,&#8221; with a particular focus on circumventing antivirus software developed by FireEye, CrowdStrike, Microsoft, ESET, and F-Secure in the first stage of infection.&nbsp; <\/p>\n<p>&#8220;For months, the Russians successfully compromised or blinded the very security companies and government agencies most likely to pursue them,&#8221; RiskIQ says.&nbsp;<\/p>\n<p>The second and third stages included 
custom droppers (<a href=\"https:\/\/www.zdnet.com\/article\/fourth-malware-strain-discovered-in-solarwinds-incident\/\" target=\"_blank\" rel=\"noopener noreferrer\">Teardrop<\/a>\/Raindrop) and the deployment of <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-weve-found-three-more-pieces-of-malware-used-by-the-solarwinds-attackers\/\" target=\"_blank\" rel=\"noopener noreferrer\">additional malware<\/a> alongside Cobalt Strike. Implants for persistence with components dubbed Goldmax\/GoldFinder\/Sibot, as well as&nbsp;<a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/03\/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Sunshuttle<\/a>, have also been connected to these stages.&nbsp; <\/p>\n<p>Now, RiskIQ&#8217;s Team Atlas has identified an additional 18 servers linked to the SolarWinds espionage campaign, a number the firm says represents a &#8220;56% increase in the size of the adversary&#8217;s known command-and-control footprint.&#8221; <\/p>\n<p>The new C2s were discovered by mapping the second stage of deployment; in particular, modified beacons associated with Cobalt Strike. While this pattern itself is not uncommon, the team correlated this online data &#8212; containing over 3,000 results &#8212; with SSL certificates recorded as in use by the SolarWinds hackers.&nbsp; <\/p>\n<p>&#8220;[This] became highly unique when correlated with the SSL patterns,&#8221; RiskIQ says. 
&#8220;The result was the identification of a significant number of additional malicious servers.&#8221; <\/p>\n<p>RiskIQ added that the findings will &#8220;likely lead to newly identified targets.&#8221; US-CERT was made aware of RiskIQ&#8217;s findings prior to public disclosure.&nbsp;<\/p>\n<p>Last month, Swiss cybersecurity firm Prodaft published a <a href=\"https:\/\/www.zdnet.com\/article\/solarwinds-linked-hacking-group-silverfish-abuses-enterprise-victims-in-sandbox-malware-tests\/\" target=\"_blank\" rel=\"noopener noreferrer\">report on SilverFish<\/a>, a sophisticated threat group thought to be responsible for intrusions at over 4,700 organizations including Fortune 500 companies.&nbsp; <\/p>\n<p>SilverFish was connected to SolarWinds attacks as &#8220;one of many&#8221; APTs jumping on the incident. The group&#8217;s digital infrastructure has also revealed potential links to campaigns involving TrickBot and WastedLocker. <\/p>\n<hr>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers say newly identified targets are likely.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40559,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-40558","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SolarWinds hack analysis reveals 
56% boost in command server footprint 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolarWinds hack analysis reveals 56% boost in command server footprint 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-22T13:08:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta 
name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"SolarWinds hack analysis reveals 56% boost in command server footprint\",\"datePublished\":\"2021-04-22T13:08:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/\"},\"wordCount\":500,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/\",\"name\":\"SolarWinds hack analysis reveals 56% boost in command server footprint 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png\",\"datePublished\":\"2021-04-22T13:08:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"it
em\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SolarWinds hack analysis reveals 56% boost in command server footprint\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SolarWinds hack analysis reveals 56% boost in command server footprint 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds hack analysis reveals 56% boost in command server footprint 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-04-22T13:08:16+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SolarWinds hack analysis reveals 56% boost in command server footprint","datePublished":"2021-04-22T13:08:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/"},"wordCount":500,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/","url":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/","name":"SolarWinds hack analysis reveals 56% boost in command server footprint 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png","datePublished":"2021-04-22T13:08:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-hack-analysis-reveals-56-boost-in-command-server-footprint\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"SolarWinds hack analysis reveals 56% boost in command server 
footprint"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8
671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40558"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40558\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40559"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}