Blog

New Report on Lessons Learned Observing SUNBURST's Behavior

Carol Caley

February 11, 2021

How did the SUNBURST attack evade defenses and what must we do going forward? Those are the central questions explored in ExtraHop's latest security report.

SUNBURST used the supply chain to bypass perimeter defenses and gain access. Once inside, it used incredible stealth and sophistication to go unnoticed. But it still left subtle traces on the network, because any attack must cross the network to accomplish its goals.

Executive Summary: What are Supply Chain Attacks?

ExtraHop is uniquely positioned to provide insight into SUNBURST. Using network data to detect, understand, and stop attacks is our area of expertise. Further, ExtraHop Reveal(x) 360 is the only security platform that can see both what's happening now on the network and look back at detailed records of activity going back months.

This report shares new data uncovered by ExtraHop about SUNBURST's behavior over time. It shares real-world examples of the attack behavior uncovered by our customers' security teams (who have been anonymized in the report) during their investigations of SUNBURST.

Read the report

Discover more

CybersecuritySecurity AlertsNDRCommunity

Explore related articles

SUNBURST: An Origin Story

January 6, 2021

Get a forensic examination of the Sunburst attack from ExtraHop and learn how the attack went undetected for so long.

Security AlertsCommunityNDR

Read article

How to Detect and Respond to the SUNBURST Attack

December 14, 2020

Sunburst attack 2020: Learn how to detect and respond to the Sunburst backdoor supply chain attack with ExtraHop's spectrum of detection approaches.

Security AlertsCybersecurityIndustry TrendsRevealXTips and HacksNDR

Read article

Analyzing the SUNBURST SolarWinds Attack Campaign For Threat Intelligence

December 16, 2020

SolarWinds attack: ExtraHop is sharing 1700+ suspicious IP addresses (for threat hunters and data scientists) that were associated with the Sunburst backdoor attack.

Security AlertsIndustry TrendsRevealXCybersecurityTips and HacksNDR

Read article

Experience RevealX NDR for Yourself

Schedule a demo

RevealX platform

Deployment

Integrations

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Solutions

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration

Cloud Workload Monitoring

Network Forensics

Zero Trust

Multicloud & Hybrid Cloud Security

XDR Strategy

SOC Modernization

Financial Services

Education

Public Sector

Federal Civilian Agencies

Defense and Intelligence

State and Local Government

Why ExtraHop

Customer Stories

News

Careers

Technology Partners

Channel Partners

Managed Service Providers

Service Credits

Resident Experts

Deployments

Customer Community

Technical Support

Education Services

C-Level

Security Threats

Company

Products

How-To

NDR

NPM

Ransomware

Zero Trust

Reports

Demos & Videos

Customer Stories

Webinars

Papers & E-books

Data Sheets

Experience NDR

Capabilities

FAQs

Intrusion Detection System

Forensics

Experience NPM

Capabilities

FAQs

Forensics

Ransomware Attacks

Advanced Threat Hunting

Threat Detection and Response

Network Forensics and Investigation

Security Hygiene

Cloud Workload Security

Operational Resilience

Troubleshooting and Resolution

Cloud Migration