A review of SolarWinds attack on Orion platform using persistent threat agents and techniques for gaining unauthorized access
Antigoni Kruti, Usman Butt, Rejwan Bin Sulaiman

TL;DR
This paper reviews the SolarWinds Orion Platform attack, analyzing the threat agents, attack techniques, and security gaps, providing insights into defense strategies and incident response improvements.
Contribution
It offers a comprehensive analysis of the SolarWinds attack, highlighting technical vulnerabilities, attack methods, and proposing security enhancements for future defense.
Findings
Identification of key attack vectors and techniques used by hackers.
Analysis of security gaps in the Orion Platform and supply chain.
Recommendations for improving incident response and cyber hygiene.
Abstract
This paper examines the SolarWinds attack, focusing on the Orion Platform security incident. It analyses the persistent threat agents and the technical attack techniques potentially used to gain unauthorized access. The 2020 SolarWinds attack began with the disclosure of a breach of the Orion Platform software, through which malware was distributed to IT and government organizations such as Homeland Security, Microsoft and Intel; it illustrates how small loopholes in security systems propagate through supply chains. During the supply-chain attack the hackers increased the number of infected company and business networks, and they were able to propagate the attack further by using a VMware exploit. In particular, they targeted command injections, privilege escalations, and use-after-free flaws in VMware platforms. In this way they gained access to virtual machines and could easily pivot to other servers. This…
Taxonomy
Topics: Network Security and Intrusion Detection · IoT and Edge/Fog Computing · Advanced Malware Detection Techniques
