What We Have Learned So Far about the Sunburst/SolarWinds Hack

A nation-state threat actor managed to infiltrate a large number of organizations. They did this by compromising the update system of SolarWinds' Orion IT monitoring and management software and using it to distribute backdoor software, dubbed SunBurst. Fortinet is taking proactive steps to mitigate the attack as well as to help organizations understand its impact. Most organizations were not targeted, and therefore the presence of the malicious DLL file does not necessarily mean that actual damage was done. All published and subsequent IOCs were immediately added to our cloud intelligence and signature databases. We also proactively scanned our FortiEDR Cloud data lake for indicators to determine if customers were potentially impacted.

Source: https://www.fortinet.com/blog/threat-research/what-we-have-learned-so-far-about-the-sunburst-solarwinds-hack
