Security researchers responding to the Sunburst backdoor and other issues around the Solar Winds indicate that the threat actors were specifically looking for other keys that could be utilized to farther inflict damage (ie. sign software updates). Based on previous attacks we observed we are 100% positive that there are other software products affected by this same attack. We highly recommend those affected to check access around keys or certificates that are used to sign updates or validate downloads of software products. We think we will see an amplified attack pattern and the Solar Winds attack is not believed to be the only software product that was attacked in this manner. Specifically we noted issues with other downloads back in blog post in 2017 and these same downloads (or variations of them) are still being pushed to users today, since the applications are signed, they install without error.
We have posted additional information including indicators earlier this morning.
Comments