Threat Encyclopedia

Sunburst

Brief

This botnet is a generic detection for a trojan that was involved in the high-profile SolarWinds Orion and FireEye incident affecting multiple organizations worldwide. More details about this incident are available in Supply Chain Attack on SolarWinds Orion Platform.

Symptoms

Some possible symptoms include, but are not limited to:

  • As this attack includes a backdoor component, it is expected to communicate with its CNC servers; uncommon network traffic to a suspicious site/CNC server, combined with the known presence of affected SolarWinds product versions, can be attributed to this.

Instructions

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.