Sunburst: the attack that shook the world

Cyber analysts recently discovered the “Sunburst” malware, which enabled a series of cyber-espionage attacks that began in the spring of 2020. The attack affected thousands of public administrations, private organizations and individuals on a global scale. US authorities have labelled it the most severe cyberattack ever suffered by public and private bodies alike in the United States, and American investigators attribute it to Russian state-sponsored hackers.

How did the Sunburst attack happen?

What happened exactly? Let’s look at the intrusion technique the attackers employed. First, they implanted a backdoor in a legitimate software update of a network-monitoring platform (SolarWinds Orion) deployed in thousands of organizations in the United States and around the world. Because the trojanized update was distributed through the vendor’s normal channel and carried the vendor’s valid code signature, customers installed it as they would any other update. After a silent dormancy period of about two weeks, the backdoor gave the attackers access to the data stored on the compromised systems and the ability to take control of them. The strategy was very simple in principle but extremely complex in practice: the malware contacts a domain belonging to the attackers’ Command and Control (C&C) infrastructure, and its traffic mimics the platform’s own legitimate API communications, so it blends in with normal activity and is hard to detect. In brief, the attack was silent as well as highly penetrative.
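The detection problem described above (C&C traffic that hides under an ordinary-looking parent domain and only starts after a quiet period) is easier to reason about with logs in front of you. The following is an added example, not code from the original article or from any vendor: it parses a small set of constructed DNS resolver log lines (not real telemetry), and flags hosts that resolve many one-off, high-entropy subdomains under a single parent domain, then reports how long after the host’s first appearance that traffic began. The domain names, IP addresses, thresholds and the simplistic “first label vs. rest” domain split are all assumptions made for the example.

```python
import math
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample resolver log (not real telemetry): "<ISO timestamp> <client IP> <queried name>".
# 10.1.2.3 is a benign workstation; 10.1.5.9 is a server that, about two weeks after it is
# first seen, starts resolving one-off random-looking subdomains under one parent domain.
SAMPLE_DNS_LOG = """\
2020-03-26T09:00:01Z 10.1.2.3 updates.example-monitoring.test
2020-03-26T09:00:02Z 10.1.5.9 updates.example-monitoring.test
2020-03-27T09:00:01Z 10.1.2.3 updates.example-monitoring.test
2020-03-27T09:00:02Z 10.1.5.9 updates.example-monitoring.test
2020-04-09T14:12:44Z 10.1.5.9 k7f2ha9d1q0z8c1y.sync-api.example-cloud.test
2020-04-10T03:51:10Z 10.1.5.9 p9wm3n4q1vt7z0xk.sync-api.example-cloud.test
2020-04-10T17:20:33Z 10.1.5.9 c4r8b1j6s2e5g0hn.sync-api.example-cloud.test
2020-04-11T08:02:59Z 10.1.5.9 z0q3l7x2m9v4d1wa.sync-api.example-cloud.test
2020-04-11T08:03:00Z 10.1.2.3 www.example-news.test
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def parse_dns_log(text):
    """Parse log lines into (timestamp, client, qname) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        records.append((ts, m.group(2), m.group(3).lower().rstrip(".")))
    return records


def shannon_entropy(label):
    """Bits of entropy per character of a DNS label; generated labels score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (leftmost label, parent domain). Assumption for the example: the parent is
    everything after the first label; a real deployment would use a public-suffix list."""
    first, _, rest = qname.partition(".")
    return first, rest


def find_dga_like_beacons(records, min_distinct=3, min_entropy=3.0):
    """Flag (client, parent) pairs whose queries are many distinct, never-reused,
    high-entropy subdomains: generated C2 names hiding under a plausible parent domain.
    Returns {(client, parent): summary}."""
    per_pair = defaultdict(list)  # (client, parent) -> [(ts, label)]
    for ts, client, qname in records:
        label, parent = split_name(qname)
        if parent:
            per_pair[(client, parent)].append((ts, label))

    findings = {}
    for key, items in per_pair.items():
        labels = [lbl for _, lbl in items]
        distinct = set(labels)
        if len(distinct) < min_distinct:
            continue
        mean_ent = sum(shannon_entropy(lbl) for lbl in distinct) / len(distinct)
        if mean_ent < min_entropy:
            continue
        if len(labels) / len(distinct) > 1.5:  # generated names are used once, then dropped
            continue
        times = sorted(ts for ts, _ in items)
        findings[key] = {
            "queries": len(labels),
            "distinct_subdomains": len(distinct),
            "mean_entropy": round(mean_ent, 2),
            "first_seen": times[0],
            "last_seen": times[-1],
        }
    return findings


def days_since_first_activity(records, client, first_seen):
    """Days between the client's earliest log entry and its first suspicious query.
    An implant that sits quiet before beaconing shows up as a gap here."""
    earliest = min(ts for ts, c, _ in records if c == client)
    return (first_seen - earliest).days


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    for (client, parent), info in find_dga_like_beacons(recs).items():
        gap = days_since_first_activity(recs, client, info["first_seen"])
        print(f"{client} -> *.{parent}: {info['distinct_subdomains']} one-off subdomains, "
              f"mean entropy {info['mean_entropy']}, first contact {gap} days after first seen")
```

Run as a script it reports the one infected host and the 14-day gap before its first contact. The entropy and reuse checks are what separate this pattern from ordinary CDN or API traffic, where a host resolves the same handful of names over and over; the parent-domain split should be replaced by a public-suffix-aware one before using this on real resolver logs.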

Sunburst attack: damage analysis

As we have said above, key strategic stakeholders were the objective of the attack, including government agencies and big business. But how extensive was the damage of the Sunburst attack? Sunburst hit sensitive bodies such as the US Armed Forces (with the exception of the Space Force), the Pentagon, the NSA, NASA, many US departments and the White House. Furthermore, 425 of the Fortune 500 companies, the 500 largest companies in the US, were customers of the compromised platform and therefore potentially exposed. According to experts, around 18 thousand customers downloaded the update containing the malware, and only a subset of those were then actively targeted by the attackers. The attack was not confined to the United States, however. In Italy, for instance, the government has activated the Nucleus for Cybersecurity to keep its guard up against the consequences of this intrusion.

Conclusions

In conclusion, this attack jeopardized key bodies and institutions, public and private alike, on a worldwide scale. A quick damage assessment will be difficult to perform: attacks of this type are stealthy, and security experts have not yet quantified the full extent of the damage. For more information on how to protect yourself from this threat, visit the official CSIRT website.