When looking at the Sunburst attack and the effect that the supply chain attack on Orion platform as a springboard to infect 18,000 downstream customers. This gives a better understanding of the Threat Actor's capabilities and a deep dive into what happened during each stage of the attack. We discuss the access the Threat Actors had on cloud platforms and what was stored onto the Orion databases. Finally, we go into what we can expect in future supply chain attacks and how to prevent them.


RSA® Conference, the world’s leading information security conferences and expositions, concluded its 30th annual event, which took place as a fully virtual experience this week. This year’s theme was Resilience, and in honor of all that the cybersecurity industry has accomplished over the past three decades, offered a must-attend celebration of thought leadership and education.


More than 20,000 people registered to view 449 sessions including, keynotes, track sessions, interactive programs, tutorials, seminars, and many special digital-first programs that focused on best practices and innovation. The content covered many of the industry’s most pressing topics, including privacy, machine learning and artificial intelligence, analytics, anti-fraud, policy and government, and risk management and governance.

Inside the Mind of the SUNBURST Adversary

Conference: RSA Conference 2021

Abstract

Post a comment

Related work

Attack Surface as a Service

Kubernetes Supply Chain Security: The Software Factory

Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed

From Illuminating to Eliminating Crypto Jacking Techniques in Cloud Native

Untrusted Execution: Attacking the Cloud Native Supply Chain

ChaosDB: How We Hacked Databases of Thousands of Azure Customers