
SUNBURST Malware

Posted: December 16, 2020

Cybersecurity experts have identified a large-scale supply-chain attack that delivered the SUNBURST Malware to customers of the SolarWinds Orion software suite. The first information about the ongoing attack was published on the 13th of December, and experts suspect that thousands of individuals and companies might have been affected by the SUNBURST Malware attack. Supply-chain attacks are exceptionally threatening because victims are highly unlikely to suspect that a legitimate software vendor is delivering malware to their systems. Such attacks can be prevented reliably by using an up-to-date anti-malware software suite.

The Trojanized software updates carrying the SUNBURST Malware were first introduced in March 2020, so the operation managed to stay under the radar for a fairly long time. But what exactly is this malware family, and what danger does it pose? According to researchers, the SUNBURST Malware does not act immediately; instead, it may stay dormant for days or even weeks before it takes any action. It periodically pings a control server hosted on hxxp://avsvmcloud.com and waits for a specific response meant to trigger the attack.
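One way to check DNS or proxy logs for contact with the control-server domain named above, as an added example that is not part of the original article. The log format, client host names and subdomain labels are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

C2_DOMAIN = "avsvmcloud.com"  # control-server domain named in the article

# Constructed sample log: "<ISO timestamp> <client host> <queried name>".
# Host names and subdomain labels are made up for illustration.
SAMPLE_LOG = """\
2020-12-01T08:00:12 orion-srv01 updates.example.com
2020-12-01T08:14:40 orion-srv01 x7k2.avsvmcloud.com
2020-12-01T09:02:05 ws-114 avsvmcloud.com.example.net
2020-12-01T09:30:00 ws-114 notavsvmcloud.com
2020-12-03T08:15:02 orion-srv01 q9p4.avsvmcloud[.]com.
2020-12-09T08:13:55 orion-srv01 hxxp://avsvmcloud.com/
"""


def normalize(name):
    """Refang and reduce a logged name or URL to a bare lowercase host."""
    host = name.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host)       # drops http://, hxxp://, ...
    return host.split("/")[0].split(":")[0].rstrip(".")


def is_c2(name, domain=C2_DOMAIN):
    """Match the domain or any subdomain, but not look-alike names."""
    host = normalize(name)
    return host == domain or host.endswith("." + domain)


def find_beacons(log_text):
    """Return per-client hit count and first/last contact with the domain."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and is_c2(fields[2]):
            seen[fields[1]].append(datetime.fromisoformat(fields[0]))
    return {
        client: {"count": len(ts), "first": min(ts), "last": max(ts),
                 "span_days": (max(ts) - min(ts)).days}
        for client, ts in seen.items()
    }


if __name__ == "__main__":
    for client, info in find_beacons(SAMPLE_LOG).items():
        print(client, info["count"], "hits over", info["span_days"], "days")
```

A small number of hits spread over many days is consistent with the slow, periodic check-ins described above, so run the search across the full log retention window rather than only recent days.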

Once active, the SUNBURST Malware focuses on collecting information about the victim's software, hardware and network configuration. It also creates a comprehensive list of files and directories stored on the infected server. The operators of the SUNBURST Malware will also gain the ability to manage the file system, access the Windows registry, and download and run additional payloads.

The safest and most trustworthy way to prevent attacks like the one linked to the SUNBURST Malware is to install and activate a reputable anti-virus software suite, which will scan incoming files for harmful traits.
