{"id":5818,"date":"2020-12-22T13:26:03","date_gmt":"2020-12-22T21:26:03","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5818"},"modified":"2023-10-12T11:24:31","modified_gmt":"2023-10-12T18:24:31","slug":"supply-chain-attack-by-suspected-nation-state-has-widespread-impact","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/","title":{"rendered":"Supply Chain Attack by Suspected Nation-State has Widespread Impact"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Both commercial enterprises and government agencies have been facing off for the last several days against a highly sophisticated attack being propagated through supply chain software. IT company SolarWinds noted recently<\/span><span style=\"font-weight: 400;\"> that monitoring products it released in March and June of this year may have been tampered with in a \u201chighly-sophisticated, targeted and manual supply chain attack by a nation-state.\u201d Hackers reportedly injected malware into the SolarWinds Orion network management platform and, according to news accounts, subsequent software updates distributed malware throughout the SolarWinds customer base. This attack is believed to have infected all versions of Orion software released between March and June 2020 with SUNBURST malware, a sophisticated backdoor that uses HTTP to communicate with attacker infrastructure. 
<\/span><a href=\"https:\/\/www.fireeye.com\/blog\/products-and-services\/2020\/12\/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html\"><span style=\"font-weight: 400;\">FireEye<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2020-12-18\/cisco-latest-victim-of-russian-cyber-attack-using-solarwinds\"><span style=\"font-weight: 400;\">Cisco<\/span><\/a><span style=\"font-weight: 400;\"> are just some of the high profile companies believed to have been affected by the SolarWinds hack.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">U.S. government cybersecurity agencies also warned this week that the attackers behind the SolarWinds hack are believed to have used weaknesses in other, non-SolarWinds products to attack high-value targets. There have been multiple breaches under investigation in the U.S. Treasury and the Department of Commerce. Russian state-sponsored hackers have emerged as the likely perpetrators.\u00a0<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">Department of Homeland Security Emergency Directive 21-01<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">The Department of Homeland Security (DHS) released an <\/span><a href=\"https:\/\/www.cisa.gov\/news\/2020\/12\/13\/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network\"><span style=\"font-weight: 400;\">emergency directive<\/span><\/a><span style=\"font-weight: 400;\"> 21-01 on steps to \u201cMitigate SolarWinds Orion Code Compromise.<\/span><span style=\"font-weight: 400;\">\u201d This type of directive applies broadly to Federal Agencies, but does not apply to \u201cnational security systems\u201d or to systems operated by the Department of Defense or the Intelligence Community. The security directive notes that the vendor\u2019s products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. 
The tactics employed allow an attacker to gain access to network traffic management systems.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Cybersecurity and Infrastructure Security Agency (CISA) states that this exploitation of SolarWinds products \u201cposes an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.\u201d CISA also notes that the vendor is working to provide updated software patches. However, agencies must wait until CISA provides further guidance before using any forthcoming patches to reinstall the SolarWinds Orion software in their enterprise. Meanwhile, CISA has provided required actions for Civilian Federal Agencies to follow.<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">Security of Infoblox Platforms<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">Infoblox was not impacted by the Sunburst hack and we are not a SolarWinds customer. Further, to defend against other attacks that may mimic the Sunburst hack, we have conducted a comprehensive review of our codebase, our build process, post-build application integrity, and our platform access policies [least privilege\/minimal access]. We\u2019ve also evaluated our implementation and use of Duo and other third-party software that are believed to have flaws that were exploited as part of this attack, and increased our vigilance with respect to auditing our people, our processes, and our technologies\u2014in the cloud, at the perimeter, and on these critical internal systems. At this time, Infoblox remains confident in the integrity of our enterprise systems and our products that customers rely on to manage their enterprises.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We understand that this was a highly sophisticated attack and all leading vendors should take this as a learning opportunity. 
Infoblox will apply what we have learned from Sunburst to strengthen our processes to continue to provide safe and effective solutions for our customers. \u00a0 We believe good security hygiene, along with safeguarding people, resources and components that contribute to our product offerings, is the foundation of providing safe solutions to our customers. Infoblox has made a significant investment in US Government and industry certifications including FedRAMP, Common Criteria, FIPS 140-2, DoD Approved Products List, and is pursuing SOC2 and the DoD&#8217;s Cybersecurity Maturity Model Certification (CMMC).\u00a0<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">Protecting Your Enterprise with Foundational Security<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">This attack shows that relying on one or two security technologies alone is unlikely to provide protection against sophisticated attacks. In addition to following security best practices such as password rotation, account audits and staying on top of emergency advisories, customers need to use defense in depth for detection and threat containment.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Using a DNS security solution like Infoblox BloxOne Threat Defense as part of a multi-solution architecture to look at all possible threats using any channel including network control protocols like DNS is recommended. When an attack like this happens, BloxOne Threat Defense is designed to detect anomalous behaviors in the network such as malicious communications, advanced persistent threat activity, domain generation algorithm activity, botnet communications, DNS tunneling, and data exfiltration. 
The solution also integrates with Security Orchestration Automation and Remediation (SOAR) systems, ITSM solutions, vulnerability scanners and other security ecosystem tools to trigger remediation actions automatically if any malicious activity is detected.\u00a0<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">Updated Threat Intelligence\u00a0<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">Infoblox automatically distributed all known indicators related to this attack to all BloxOne Threat Defense customers without any action needed on their part. We will continue to monitor the situation and continue to add more if needed. <\/span><span style=\"font-weight: 400;\">B1TD also offers customers the flexibility to insert IOCs from other sources into the solution to further strengthen their defenses.<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">The Value of DDI (DNS, DHCP, IPAM) data and DNS logs<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">Analyzing historical DNS logs is an effective way to see any network activity over a longer period of time and find out what resources a client has been accessing. DHCP fingerprint and IPAM metadata provide contextual information on affected devices such as type of device, OS information, network location and current and historical IP address allocations. 
All this data helps with event correlation and understanding the scope of a breach.\u00a0<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">Additional Resources<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">To learn more about the SolarWinds Supply Chain Attack, read our <\/span><a href=\"https:\/\/blogs.infoblox.com\/cyber-threat-intelligence\/cyber-threat-advisory-solarwinds-supply-chain-attack\/\"><span style=\"font-weight: 400;\">Cyber Threat Advisory<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about DNS security here:<\/span><\/p>\n<p><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you have further questions, please reach out to us directly via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-form\" target=\"_blank\" rel=\"noopener\">https:\/\/info.infoblox.com\/contact-form<\/a>.<\/p>\n<h3>Endnotes<\/h3>\n<p>\u00b9<a href=\"https:\/\/www.reuters.com\/article\/us-usa-solarwinds-cyber\/it-company-solarwinds-says-it-may-have-been-hit-in-highly-sophisticated-hack-idUSKBN28N0Y7\">https:\/\/www.reuters.com\/article\/us-usa-solarwinds-cyber\/it-company-solarwinds-says-it-may-have-been-hit-in-highly-sophisticated-hack-idUSKBN28N0Y7<\/a><\/p>\n<p>\u00b2<a href=\"https:\/\/cyber.dhs.gov\/ed\/21-01\/\">https:\/\/cyber.dhs.gov\/ed\/21-01\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Both commercial enterprise and government agencies have been facing off for the last several days against a highly sophisticated attack being propagated through supply chain software. 
IT company SolarWinds noted recently that monitoring products it released in March and June of this year may have been tampered with in a \u201chighly-sophisticated, targeted and manual supply [&hellip;]<\/p>\n","protected":false},"author":229,"featured_media":5819,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[380,375,374,368,367,379,189],"class_list":{"0":"post-5818","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-company","8":"tag-supply-chain-attack","9":"tag-enterprise","10":"tag-enterprises","11":"tag-federal","12":"tag-government","13":"tag-solarwinds","14":"tag-cybersecurity","15":"entry"},"acf":[],"yoast_head_json":{"title":"Supply Chain Attack by Suspected Nation-State has Widespread Impact","description":"Supply Chain Attack by Suspected Nation-State has Widespread Impact. Both commercial enterprise and government agencies have been facing off for the last several days against a highly sophisticated attack being propagated through supply chain software. IT company SolarWinds noted recently that monitoring products it released in March and June of this year may have been tampered with in a \u201chighly-sophisticated, targeted and manual supply chain attack by a nation state.\u201d Hackers reportedly injected malware into SolarWinds Orion network management platform and, according to news accounts, subsequent software updates distributed malware throughout SolarWinds customer base. This attack is believed to have infected all versions of Orion software released between March and June 2020 with SUNBURST malware, a sophisticated backdoor that uses HTTP to communicate with attacker infrastructure. 
FireEye and Cisco are just some of the high profile companies believed to have been affected by the SolarWinds hack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/","og_locale":"en_US","og_type":"article","og_title":"Supply Chain Attack by Suspected Nation-State has Widespread Impact","og_description":"Supply Chain Attack by Suspected Nation-State has Widespread Impact. Both commercial enterprise and government agencies have been facing off for the last several days against a highly sophisticated attack being propagated through supply chain software. IT company SolarWinds noted recently that monitoring products it released in March and June of this year may have been tampered with in a \u201chighly-sophisticated, targeted and manual supply chain attack by a nation state.\u201d Hackers reportedly injected malware into SolarWinds Orion network management platform and, according to news accounts, subsequent software updates distributed malware throughout SolarWinds customer base. This attack is believed to have infected all versions of Orion software released between March and June 2020 with SUNBURST malware, a sophisticated backdoor that uses HTTP to communicate with attacker infrastructure. 
FireEye and Cisco are just some of the high profile companies believed to have been affected by the SolarWinds hack.","og_url":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/","og_site_name":"Infoblox Blog","article_published_time":"2020-12-22T21:26:03+00:00","article_modified_time":"2023-10-12T18:24:31+00:00","og_image":[{"width":484,"height":340,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/supply-chain-attack-1.png","type":"image\/png"}],"author":"Kanaiya Vasani","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kanaiya Vasani","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/"},"author":{"name":"Kanaiya Vasani","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/9942e593fefbad0c2fadc9228b26c71a"},"headline":"Supply Chain Attack by Suspected Nation-State has Widespread Impact","datePublished":"2020-12-22T21:26:03+00:00","dateModified":"2023-10-12T18:24:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/"},"wordCount":972,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/supply-chain-attack-1.png","keywords":["Supply Chain 
Attack","enterprise","enterprises","Federal","Government","SolarWinds","Cybersecurity"],"articleSection":["Company"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/","url":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/","name":"Supply Chain Attack by Suspected Nation-State has Widespread Impact","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/supply-chain-attack-1.png","datePublished":"2020-12-22T21:26:03+00:00","dateModified":"2023-10-12T18:24:31+00:00","description":"Supply Chain Attack by Suspected Nation-State has Widespread Impact. Both commercial enterprise and government agencies have been facing off for the last several days against a highly sophisticated attack being propagated through supply chain software. IT company SolarWinds noted recently that monitoring products it released in March and June of this year may have been tampered with in a \u201chighly-sophisticated, targeted and manual supply chain attack by a nation state.\u201d Hackers reportedly injected malware into SolarWinds Orion network management platform and, according to news accounts, subsequent software updates distributed malware throughout SolarWinds customer base. This attack is believed to have infected all versions of Orion software released between March and June 2020 with SUNBURST malware, a sophisticated backdoor that uses HTTP to communicate with attacker infrastructure. 
FireEye and Cisco are just some of the high profile companies believed to have been affected by the SolarWinds hack.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/supply-chain-attack-1.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/supply-chain-attack-1.png","width":484,"height":340},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/company\/supply-chain-attack-by-suspected-nation-state-has-widespread-impact\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Company","item":"https:\/\/www.infoblox.com\/blog\/category\/company\/"},{"@type":"ListItem","position":3,"name":"Supply Chain Attack by Suspected Nation-State has Widespread 
Impact"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/9942e593fefbad0c2fadc9228b26c71a","name":"Kanaiya Vasani","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/kanaiya-new-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/kanaiya-new-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/kanaiya-new-96x96.jpg","caption":"Kanaiya Vasani"},"description":"Over the course of Kanaiya Vasani\u2019s career, he has held leadership roles in a broad array of corporate functions including strategy and corporate\/business development, product management and marketing, and general management and R&amp;D, in a variety of organizations ranging from early stage startups to large multi-billion dollar public companies. 
Presently he runs the Products and Corp Dev organization at Infoblox, driving its transition to SaaS and expansion into new adjacencies including security, analytics, and cloud. Executive Vice President, Products and Corporate Development at Infoblox.","url":"https:\/\/www.infoblox.com\/blog\/author\/kanaiya-vasani\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/229"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5818"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5818\/revisions"}],"predecessor-version":[{"id":8993,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5818\/revisions\/8993"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5819"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}