How the SolarWinds cyberattacks work
1. A backdoored SolarWinds Orion server runs inside the victim's network
2. The backdoor calls out to attacker command-and-control infrastructure and the attack progresses from there
3. The attacker pivots across the enterprise to access additional resources
4. The attacker establishes persistence for future attacks
5. Data theft or other follow-on actions
A highly sophisticated adversary group compromised SolarWinds and used its update channel to distribute a backdoored build of the Orion software to more than 18,000 customers, including many large enterprises and government agencies. Attackers can use the backdoored versions of Orion to establish an initial foothold in affected organizations and then carry out follow-on activity, including data theft or business disruption. To help organizations navigate questions about SolarWinds and other emerging threats, we are making Zscaler's expertise and resources available to those who need them.
Immediate next steps you need to take
1. Discover whether you are running vulnerable SolarWinds Orion servers, using your software inventory rather than relying on what individual teams remember installing
2. Isolate or disconnect affected systems from the network; if you intend to investigate, capture memory and disk images before powering anything down, since a power-off destroys volatile evidence
3. Review proxy, firewall, DNS and endpoint logs for command-and-control activity from the Orion servers and for lateral movement from them to other hosts
4. Reset all credentials used by SolarWinds Orion and associated services, including the Orion service and database accounts and the credentials Orion stores for polling monitored devices, and do so only after the affected systems have been isolated
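As an added example (not Zscaler's code or part of the original page), the script below ties steps 1 and 3 of the checklist together: it identifies Orion hosts from a constructed software inventory, then scans constructed outbound-connection log lines for two patterns worth a closer look, an Orion server reaching an Internet destination outside its expected set (possible command-and-control) and an Orion server opening SMB, RDP or WinRM connections to other internal hosts (possible lateral movement). The inventory, the log format, the expected-destination list, the admin-port list and the internal address ranges are all assumptions chosen for the example and should be replaced with your own.

```python
"""Triage helper for the SolarWinds Orion checklist (added example, not Zscaler's code).

Everything below (inventory, log lines, expected destinations, port lists,
internal ranges) is constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed inventory: hostname -> installed product names.
INVENTORY = {
    "orion01": ["SolarWinds Orion Platform", "Microsoft SQL Server 2017"],
    "orion02": ["SolarWinds Orion Platform"],
    "fileserver01": ["Windows Server 2019"],
}

# Internet destinations an Orion server is expected to reach (assumed for the
# example; build this from your own change records and vendor documentation).
EXPECTED_EXTERNAL = {"downloads.solarwinds.com"}

# Admin protocols a monitoring server has little reason to use toward other
# internal hosts: SMB, RDP, WinRM (HTTP and HTTPS).
ADMIN_PORTS = {445, 3389, 5985, 5986}

# Assumed internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Finding:
    kind: str  # "possible_c2" or "lateral_movement"
    src: str
    dst: str
    port: int
    line: str


def find_orion_hosts(inventory: dict[str, list[str]]) -> set[str]:
    """Step 1: which hosts have an Orion product installed?"""
    return {
        host
        for host, products in inventory.items()
        if any("solarwinds orion" in p.lower() for p in products)
    }


def is_internal(dst: str) -> bool:
    """Treat anything that is not an internal IP (including hostnames) as external."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str) -> tuple[str, str, int]:
    """Constructed log format: '<ts> src=<host> dst=<ip-or-name> dport=<port> proto=<p>'."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["src"], fields["dst"], int(fields["dport"])


def review_logs(lines: list[str], orion_hosts: set[str]) -> list[Finding]:
    """Step 3: flag C2-like egress and admin-protocol lateral movement from Orion hosts."""
    findings: list[Finding] = []
    for line in lines:
        src, dst, port = parse_line(line)
        if src not in orion_hosts:
            continue  # only connections originating from Orion servers are in scope here
        if is_internal(dst):
            if port in ADMIN_PORTS:
                findings.append(Finding("lateral_movement", src, dst, port, line))
        elif dst not in EXPECTED_EXTERNAL:
            findings.append(Finding("possible_c2", src, dst, port, line))
    return findings


# Constructed sample log lines; "cdn-example.invalid" is a placeholder, not a real indicator.
SAMPLE_LOG = [
    "2020-12-14T03:10:11Z src=orion01 dst=10.0.5.20 dport=161 proto=udp",
    "2020-12-14T03:10:12Z src=orion01 dst=downloads.solarwinds.com dport=443 proto=tcp",
    "2020-12-14T03:12:40Z src=orion01 dst=cdn-example.invalid dport=443 proto=tcp",
    "2020-12-14T03:15:02Z src=orion02 dst=10.0.7.31 dport=445 proto=tcp",
    "2020-12-14T03:16:09Z src=fileserver01 dst=cdn-example.invalid dport=443 proto=tcp",
]

if __name__ == "__main__":
    hosts = find_orion_hosts(INVENTORY)
    print("Orion hosts:", ", ".join(sorted(hosts)))
    for f in review_logs(SAMPLE_LOG, hosts):
        print(f"{f.kind:17} {f.src} -> {f.dst}:{f.port}")
```

The SNMP poll to 10.0.5.20 and the connection to the expected SolarWinds download host produce no finding; the connection from orion01 to an unknown Internet host and the SMB connection from orion02 to another internal host are the two lines a responder would pull into the investigation. The allowlist approach is deliberate: an Orion server's legitimate peers are a small, knowable set, so anything outside it is worth explaining, whereas a blocklist of published indicators only catches what is already known.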
Zscaler best practices and guidance for stopping the SolarWinds cyberattacks
Eliminate your Internet-facing attack surface, stop potential lateral movement and block command-and-control activity with a Zero Trust architecture.
Enable complete SSL inspection and advanced threat prevention on workload-to-internet traffic.
Run an in-line cloud sandbox to identify and stop advanced, unknown threats.
Enforce protections for known command-and-control traffic with continuous updates as new destinations emerge.
Limit the impact of lateral movement with identity-based microsegmentation for cloud workloads.
Zscaler Internet Access customers have fully automated protections for all known command-and-control servers and payloads.
ZSCALER THREATLABZ BLOG
The Hitchhiker’s Guide to SolarWinds Incident Response
Get expert guidance on how to run your own detection, investigation, and response efforts if you believe you’ve been impacted by the SolarWinds event.
Zscaler cloud infrastructure security & trust
Zscaler’s cloud infrastructure does not run any vulnerable versions of SolarWinds Orion internally, and our platform is secure.
ZSCALER THREATLABZ BLOG
Zscaler Coverage for SolarWinds cyberattacks and FireEye Red Team Tools Theft
Zscaler provides multiple layers of protection across our inline cloud security platform. Get the full details on how we help protect your enterprise.
Engage with Zscaler ThreatLabZ for support
Get expert help from our world-class threat research team to help you understand your risk, assess impact, and improve your security posture.