[MART] - Daily Diary #340 - Autodesk Also Targeted in SolarWinds' Attack

CTAS-MAT ctas-mat at appgate.com
Thu Sep 2 21:28:39 UTC 2021


Hello,
I hope everyone is doing well!

Below is the entry for today.

09/02/2021 - Diary entry #340

In our Daily Diaries #168, #171, #172, #176, and many others, we discussed SolarWinds' supply-chain attack. It made 2020 the year of one of the worst cybersecurity incidents, in which the Russian APT group Cozy Bear managed to compromise SolarWinds' product, Orion, and deployed a trojanized version to their clients' infrastructure. At the time, we discussed the advanced techniques the attackers used to hide themselves in the targeted systems, and the multiple pieces of malware used in several of their attacks.

This week Autodesk, a US software and services company, confirmed that it was also backdoored with Sunburst malware, one of the many malware pieces used in the SolarWinds incident. Autodesk is responsible for multiple products used in architecture, engineering, product manufacturing, building, entertainment, and others. One of the most famous products from Autodesk is AutoCAD, heavily used for architecture and engineering. The compromised SolarWinds Orion was detected by the company and isolated, and a forensic analysis was performed. They believe there was no other malicious activity besides the backdoor.

This incident is yet another example of the extent of this attack. It's important to note that, just as SolarWinds' Orion was trojanized, other products from affected companies can be used in the same way. It's a good reminder for companies never to blindly trust any third-party service, and to employ zero-trust methodologies to keep affected servers from disrupting other systems.

Kind Regards,





Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
