Digital Surveillance

  1. Dark Halo Leverages SolarWinds Compromise to Breach Organizations

    Volexity is releasing additional research and indicators associated with compromises impacting customers of the SolarWinds Orion software platform. Volexity has also published a guide for responding to the SolarWinds breach and for detecting, preventing, and remediating this supply chain attack. On Sunday, December 13, 2020, FireEye released a blog detailing an alleged compromise of the company SolarWinds. This compromise involved a backdoor being distributed through an update to SolarWinds' Orion software product. FireEye attributed this activity to an unknown threat actor it tracks as UNC2452. Volexity has subsequently been able to tie these attacks to multiple incidents it worked in late 2019 and 2020 at a US-based think tank. Volexity tracks this threat actor under the name Dark Halo. At one particular think tank, Volexity worked three separate incidents involving Dark Halo. In the initial incident, Volexity found multiple tools, backdoors, and malware implants that had allowed the attacker to remain undetected for […]

  2. Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs

    Over the last several years, numerous reports have emerged regarding the shocking treatment of Uyghurs, a Muslim minority ethnic group that makes up a large part of the Xinjiang Uyghur Autonomous Region (XUAR) in northwest China. The Uyghur people, especially those who want the XUAR to become its own nation under the name East Turkistan, are considered to be a threat to the Chinese Communist Party (CCP). Recent reporting has shown that the CCP's view of the Uyghur people has resulted in wide-scale harassment, relocation to detention camps, and oppressive high-tech surveillance aimed at tracking physical movements and behavior. With all of these reports on physical, real-world issues, it should come as no surprise that cyberspace has become a battleground for the Uyghur people. The level of surveillance occurring in China against Uyghurs extends well beyond its borders and has fully entered the digital realm. […]

  3. Democracy in Hong Kong Under Attack

    Over the last few months, Volexity has been tracking a particularly remarkable advanced persistent threat (APT) operation involving strategic web compromises of websites in Hong Kong and Japan. In both countries, the compromised websites have been particularly notable for their relevance to current events and the high-profile nature of the organizations involved. In particular, the Hong Kong compromises appear to come on the heels of the Occupy Central campaign shifting into high gear. These compromises were discovered following the identification of malicious JavaScript that had been added to legitimate code on the impacted websites. This code meant that visitors were potentially subjected to exploits and malicious Java applets designed to install malware on their systems. While investigating these cases, Volexity also discovered additional APT attack campaigns involving multiple other pro-democracy websites in Hong Kong. These attempts at exploitation, compromise, and digital surveillance are detailed throughout this post. Compromised Pro-Democratic […]