{"id":1256,"date":"2021-03-10T12:35:20","date_gmt":"2021-03-10T07:05:20","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=1256"},"modified":"2021-06-07T11:02:00","modified_gmt":"2021-06-07T05:32:00","slug":"according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/","title":{"rendered":"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack!"},"content":{"rendered":"\n<p><p style=\"text-align: justify\">A new investigation links the Supernova malware found on SolarWinds Orion servers to a threat group that researchers at the cybersecurity firm Secureworks track as Spiral and assess is likely based in China. This is a separate intrusion from the Sunburst supply-chain compromise of Orion, which has been attributed to Russia.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">On December 22, 2020, Microsoft reported that a second, unrelated group was also targeting Orion installations with malware that was later named Supernova. Several security firms analysed the sample and found it to be a .NET web shell planted as a trojanized copy of the Orion module known as \u201capp_web_logoimagehandler\u201d.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What Happened Exactly?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">The analysis showed that the SolarWinds build and update infrastructure was not involved in the Supernova intrusion. Instead, the attackers are believed to have exploited an authentication bypass in the Orion API, tracked as CVE-2020-10148, which allows an unauthenticated remote attacker to execute API commands and could be used to plant the web shell on the server.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"728\" height=\"488\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/solarwinds-hack-new-evidence-imagw.jpg\" alt=\"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack!\" class=\"wp-image-1257\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/solarwinds-hack-new-evidence-imagw.jpg 728w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/solarwinds-hack-new-evidence-imagw-300x201.jpg 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify\">Microsoft also noted that, unlike the Sunburst backdoor, the malicious DLL used here does not carry a valid digital signature, which is why this activity is not considered part of the supply-chain compromise.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">Several experts also pointed out that the initial investigation had linked the Sunburst attack to Russia, while the origin of Supernova remained an open question.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What the Experts Say<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify\">The Secureworks researchers first identified the malware in November 2020 while investigating an intrusion on a customer\u2019s network. What linked the activity to Spiral was that the intruders moved straight to their targets and showed prior knowledge of the environment, which pointed to a group that had been in the network before.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">As the investigation progressed, the researchers found overlaps between this activity and an earlier intrusion on the same network that they had investigated in August 2020, in which a then-unidentified group had exploited a vulnerability in ManageEngine ServiceDesk dating from 2018.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">That August intrusion could not be attributed at the time. The similarities in tooling and tradecraft between it and the Spiral intrusion led the researchers to conclude that the Spiral group was responsible for both.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Conclusion<\/strong><\/h3>\n\n\n\n<p><p style=\"text-align: justify\">The link to China is consistent with earlier reports that attacks on ManageEngine servers were associated with threat groups based in that country, and with their known modus operandi: long-term persistence, collection of user data, theft of intellectual property and exfiltration of sensitive information.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">The most concrete piece of evidence was an IP address located in China. The researchers found that the attackers had downloaded Secureworks\u2019 own endpoint detection and response agent, apparently taken from an infected system on the victim network, and executed it on infrastructure they controlled.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify\">The agent then reported back from that attacker-controlled host, exposing its IP address. Because the exposure was almost certainly unintentional, the address is considered a genuine data point, and its geolocation supports the hypothesis that the Spiral group operates from China. On its own an IP address is weak evidence for attribution; it carries weight here because it agrees with the tooling and tradecraft overlaps described above.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to the investigation, the SolarWinds Orion Network attack must be connected to the Chinese threat Group. Experts from cybersecurity firms report that the attackers are known as Spiral. 
Whereas, if we look out towards the attack executed on Microsoft on December 22, 2020, Microsoft said that another group may infect the infrastructure of Orion [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1258,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack! - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack! - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"According to the investigation, the SolarWinds Orion Network attack must be connected to the Chinese threat Group. Experts from cybersecurity firms report that the attackers are known as Spiral. 
Whereas, if we look out towards the attack executed on Microsoft on December 22, 2020, Microsoft said that another group may infect the infrastructure of Orion [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-10T07:05:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-06-07T05:32:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/solarwinds-hack-new-evidence-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"449\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack!\",\"datePublished\":\"2021-03-10T07:05:20+00:00\",\"dateModified\":\"2021-06-07T05:32:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\"},\"wordCount\":496,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Infosec News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\",\"url\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\",\"name\":\"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack! 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-03-10T07:05:20+00:00\",\"dateModified\":\"2021-06-07T05:32:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack! - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/","og_locale":"en_US","og_type":"article","og_title":"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack! 
- Xiarch Solutions Private Limited","og_description":"According to the investigation, the SolarWinds Orion Network attack must be connected to the Chinese threat Group. Experts from cybersecurity firms report that the attackers are known as Spiral. Whereas, if we look out towards the attack executed on Microsoft on December 22, 2020, Microsoft said that another group may infect the infrastructure of Orion [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-03-10T07:05:20+00:00","article_modified_time":"2021-06-07T05:32:00+00:00","og_image":[{"width":800,"height":449,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/03\/solarwinds-hack-new-evidence-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack!","datePublished":"2021-03-10T07:05:20+00:00","dateModified":"2021-06-07T05:32:00+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/"},"wordCount":496,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Infosec News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/","url":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/","name":"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack! 
- Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-03-10T07:05:20+00:00","dateModified":"2021-06-07T05:32:00+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/according-to-investigation-chinese-hackers-are-linked-to-solarwinds-orion-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"According to Investigation Chinese Hackers are Linked to SolarWinds Orion Attack!"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1256"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=1256"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1256\/revisions"}],"predecessor-version":[{"id":1263,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/1256\/revisions\/1263"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/1258"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=1256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=1256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=1256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
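The technical thread of the article above is the Supernova web shell: a trojanized copy of the Orion module app_web_logoimagehandler, reached through the legitimate LogoImageHandler.ashx endpoint. The following Python is an added example, not code from the article, from Secureworks or from SolarWinds, showing how a responder could hunt for web-shell invocations in the IIS W3C logs of an Orion server. It relies on one point from public analyses of Supernova: the backdoor is driven by the request parameters clazz, method, args and codes, which the genuine handler never uses. The log lines are constructed for the example; the IP addresses, timestamps and the port 8787 are placeholders, not real telemetry.

```python
"""Hunt for Supernova web-shell invocations in IIS W3C logs from an Orion server.

Supernova is a trojanized copy of the Orion module
App_Web_logoimagehandler.ashx.b6031896.dll. The backdoor is reached through
the legitimate LogoImageHandler.ashx endpoint and is driven by four request
parameters (clazz, method, args, codes) that the genuine handler never uses.
"""
import re
from urllib.parse import parse_qs

# Parameter names used by the Supernova web shell (from public analyses).
SHELL_PARAMS = {"clazz", "method", "args", "codes"}
HANDLER_RE = re.compile(r"/logoimagehandler\.ashx$", re.IGNORECASE)

# Constructed sample log for this example; addresses, timestamps and the
# port are placeholders, not real telemetry.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-02-14 03:12:07 10.0.0.5 GET /Orion/LogoImageHandler.ashx id=101 8787 - 10.0.0.21 Mozilla/5.0 200
2021-02-14 03:12:09 10.0.0.5 GET /Orion/LogoImageHandler.ashx clazz=Run&method=Exec&args=cmd&codes=dXNpbmcgU3lzdGVtOw== 8787 - 203.0.113.77 Mozilla/5.0 200
2021-02-14 03:13:44 10.0.0.5 POST /Orion/LogoImageHandler.ashx codes=dXNpbmc%3D 8787 - 203.0.113.77 python-requests/2.25 200
2021-02-14 03:14:10 10.0.0.5 POST /Orion/LogoImageHandler.ashx - 8787 - 203.0.113.77 python-requests/2.25 200
2021-02-14 03:15:00 10.0.0.5 GET /Orion/Login.aspx - 8787 - 10.0.0.22 Mozilla/5.0 200
"""


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#"):
            continue
        values = raw.split()
        # Skip lines that do not match the header instead of guessing columns.
        if fields is None or len(values) != len(fields):
            continue
        yield dict(zip(fields, values))


def shell_params(query):
    """Return the Supernova parameter names present in a query string."""
    if query == "-":  # IIS writes '-' for an empty field
        return set()
    keys = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return keys & SHELL_PARAMS


def hunt(text):
    """Return one finding per suspicious request to LogoImageHandler.ashx."""
    hits = []
    for rec in parse_w3c(text):
        if not HANDLER_RE.search(rec["cs-uri-stem"]):
            continue
        found = shell_params(rec["cs-uri-query"])
        if found:
            reason = "shell_params"
        elif rec["cs-method"].upper() == "POST":
            # IIS does not log request bodies, so the shell's parameters can
            # arrive unseen in a POST body. The genuine image handler is
            # fetched with GET, so any POST to it deserves a look.
            reason = "post_to_handler"
        else:
            continue
        hits.append({
            "time": f"{rec['date']} {rec['time']}",
            "client": rec["c-ip"],
            "method": rec["cs-method"],
            "reason": reason,
            "params": sorted(found),
        })
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

To use it on real data, read the log file and pass its contents to hunt(). Ordinary requests to the handler are not flagged; only the four shell parameters and bare POSTs are, the latter because IIS never records a request body. A clean log does not prove the server is clean: the DLL may have been replaced but not yet used, so pair this with a check that the logoimagehandler DLL in the Orion web directory still carries a valid SolarWinds Authenticode signature, which is the property the article says the Supernova DLL lacks.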