Sunburst Hack

January 19th, 2021 by admin

A shadowy hand ominously typing on a keyboard of a laptop, their hand facing the wrong direction as its coming from the side with the screen and not the trackpad

We almost did it December, we almost made it one whole month in 2020 without a total catastrophe. 30 measly days, that's all I was hoping for. Hardly any time at all really, considering it's just one moon-phase, a single tank of quarantine gas, or 14 days in Sea Urchin years!


Welcome to the December episode of 2020, the season finale of how the Russians stole Christmas (allegedly).

Many businesses and some clients of Equinox will recognize the name SolarWinds, a security, monitoring, and password management application developer. SolarWinds products are massively popular and generally reputable. But on December 13th, it was announced that a breach had been discovered in SolarWinds Orion, a Remote Monitoring and Management application. This Software allows for security monitoring, health monitoring, and can sometimes allow control and access to computers on the network that is hosting the software.

The software that allows backdoor access and potentially boundless permissions for many hundreds of organizations in the US, and thousands worldwide, was hacked. That's unfortunately as bad as it sounds.

The attack is being called the Sunburst hack. Not to be mistaken for the decades-old Starburst hack of smooshing two different flavors of Starburst candy together to form 1 new, ultimate flavor.

Here is a brief summary of my research on who performed the attack: We have no way of knowing who did it, but it was definitely Russia, but we don't know that, but really it was Russia… (allegedly).

Since the 13th, it's been day after day of new companies and agencies announcing they were compromised. Amazon and Microsoft are some of the biggest names in the private sector that were affected. As far as we know, several government organizations were hit- "The US Treasury and departments of homeland security, state, defence and commerce were attacked…"

Orion was infiltrated in March of 2020 and the attack was highly sophisticated, as it was not detected until December. For 9 months, the attackers had access to the system, but it may have been a dormant access until recently. It is still unknown what the goal was, but it has been confirmed that highly sensitive information was vulnerable and accessible by the perpetrators of the attack. This may well be another strike in the Cyber Cold War that has been escalating since 2008 and has accelerated in the last five years. This is Cold War 2, The Sequel: This Time, It's Personal, But Last Time It Was Too. And with how personal it is, the Cybersecurity and Infrastructure Security Agency has issued a requesting compliance in the investigation for those organizations that were compromised in the attack.

If you were lucky enough to not have been targeted, you should still take action to ensure you're not on the hit list for the next attack. While it's unlikely that foreign governments will target you and I directly, they have made it clear that they are willing to use private businesses as a gateway to perform attacks on our government. The more typical, less spy-movie cyber-attacks on businesses have been increasing steadily, year after year. Network and endpoint security have proven to be the most important safeguards for any business.

Some of the most important areas to focus on are malware protection, credential management, firewalls, domain authentication and many others. If you aren't sure what steps you should take or have any questions, feel free to contact us! We'd love to help you take some steps to improve your businesses security, and sometimes there are big improvements that can be made for very cheap, or even be completely covered by your contract. Let's start the year right and take some steps to keep ourselves protected.

I thought this year would never die, but I'm thrilled to say, happy new year, and good riddance 2020!

Posted in: Security, News