Closing the Backdoor: Reverse Engineering SUNBURST

Apr 05, 2021
60 Min
Uncategorized Groups (UNC Groups)

At the end of 2020, FireEye revealed the details of a sophisticated threat actor that took advantage of SolarWinds’ Orion Platform to orchestrate a wide-scale supply chain attack and deploy a backdoor we call SUNBURST.

This attack impacted organizations worldwide, leading executives everywhere to question whether their environment fell victim. Discovering, sharing, and shutting down access to the SUNBURST backdoor, which allowed attackers to move freely and spy on victims, required the unique expertise of Mandiant’s Frontline Applied Research and Expertise (FLARE) team. And for Mandiant Managed Defense, the identification of victims started well before the public became aware of the SUNBURST campaign.

Join Mandiant experts for a retelling of the SUNBURST discovery story and a look inside how they addressed the SUNBURST threat with customers, including stories from the front lines of this customer-focused response. Our experts will also highlight:

  • How this prolific cyber-attack changes the way we view security
  • SUNBURST threat actor TTPs and how Mandiant hunts for the most relevant and dangerous threats
  • What threat hunting techniques should be deployed to find today’s stealthiest attackers
