Reason: None provided.

Basic DNS filtering neuters this malware.

Regardless of whether Orion can reach the Internet, if Sunburst can't resolve the top-level domain used for C2, it deactivates. Much like WannaCry from three years ago. The C2 domain has been marked as malware by most threat intel providers for some time.

These are basic controls even 10-employee SMBs have in place today. Unless they're lazy and ignorant.

Edit: working on confirming a report that FEYE's Orion simply had a stored password to an Amazon S3 bucket where FireEye's tools were sitting. Hacking unsecured S3 bucket = 15-year-old script kiddie stuff, not nation-state level hacking.

76 days ago
1 score
Reason: Original

Basic DNS filtering neuters this malware.

Regardless of whether Orion can reach the Internet, if Sunburst can't resolve the top-level domain used for C2, it deactivates. Much like WannaCry from three years ago. The C2 domain has been marked as malware by most threat intel providers for some time.

These are basic controls even 10-employee SMBs have in place today. Unless they're lazy and ignorant.

76 days ago
1 score
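The DNS filtering control the comment describes, sketched as an added example (not part of the original post): a resolver-side blocklist check that matches on label boundaries, plus a pass over resolver logs to find which internal hosts asked for a blocked name. The zone `c2-placeholder.example`, the log format and every log line are constructed placeholders, not indicators from the page.

```python
# Added example: zone, addresses and log lines are constructed placeholders.
BLOCKED_ZONES = {"c2-placeholder.example"}  # stand-in for a threat-intel feed entry

def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def blocked_zone(qname, zones=BLOCKED_ZONES):
    """Return the blocked zone that covers qname, or None.

    The name is walked label by label, so any subdomain of a blocked zone
    matches, while a look-alike such as notc2-placeholder.example does not
    (a plain substring or endswith() test would wrongly match it).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve_policy(qname):
    """Answer a filtering resolver would give: NXDOMAIN for blocked names."""
    return "NXDOMAIN" if blocked_zone(qname) else "FORWARD"

def clients_hitting_blocklist(log_lines):
    """Map client IP -> sorted blocked names it queried.

    Assumed log format (constructed): '<timestamp> <client> <qname> <qtype>'.
    Lines that do not have exactly four fields are skipped.
    """
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, _qtype = parts
        if blocked_zone(qname):
            hits.setdefault(client, set()).add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}

SAMPLE_LOG = [  # constructed resolver log lines
    "2020-12-14T09:00:01Z 10.0.0.5 a1b2c3.Sub.C2-Placeholder.Example. A",
    "2020-12-14T09:00:02Z 10.0.0.7 updates.vendor.example A",
    "2020-12-14T09:00:03Z 10.0.0.9 notc2-placeholder.example A",
    "truncated line",
]

if __name__ == "__main__":
    print(clients_hitting_blocklist(SAMPLE_LOG))
```

A blocked lookup is also a detection signal: the client address in the log points at the host that should be examined.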