Who was affected by this?
This is a global campaign that introduced
a compromise into public and private organizations' networks through
the software supply chain. At this point in our investigation, we have
detected this activity in multiple entities worldwide. The victims
have included government, consulting, technology, healthcare, telecom,
and oil and gas entities in North America, Europe, Asia, and the
Middle East. There may be additional victims in other countries and verticals.
How did this affect FireEye?
Based on the latest findings from our
investigation, we determined the SolarWinds compromise was the
original vector for the attack against FireEye. We believe that this
is the initial attack vector, after which the attackers used other
sophisticated techniques to penetrate and remain hidden in our network. Through the
combination of our technology, intelligence, and expertise, we
uncovered the SUNBURST campaign.
Does this affect FireEye products?
No. We have already updated our products
to detect the known altered SolarWinds binaries. We are also scanning
for any traces of activity by this actor and reaching out to customers
if we see potential indicators.
How was the intrusion detected?
The intrusion was detected by monitoring
secondary registrations of our two-factor authentication and reporting
on suspicious behavior.
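
As an added illustration of the detection idea in the answer above (this is not FireEye's tooling and not code from this FAQ), the Python example below flags a second-factor device enrollment on an account that already has a device registered, and raises the severity when the enrollment comes from a source IP the account has not previously logged in from. The event schema, field order, function name and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (hypothetical schema, not a real product's log format):
# (timestamp, event_type, user, device_id, source_ip)
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00Z", "login",        "alice", None,      "10.1.4.20"),
    ("2024-03-01T08:02:00Z", "mfa_enroll",   "alice", "phone-A", "10.1.4.20"),
    ("2024-03-01T09:00:00Z", "login",        "bob",   None,      "10.1.7.9"),
    ("2024-03-01T09:01:00Z", "mfa_enroll",   "bob",   "phone-C", "10.1.7.9"),
    ("2024-03-02T10:00:00Z", "mfa_unenroll", "bob",   "phone-C", "10.1.7.9"),
    ("2024-03-02T10:01:00Z", "mfa_enroll",   "bob",   "phone-D", "10.1.7.9"),
    ("2024-03-03T02:14:00Z", "mfa_enroll",   "alice", "phone-B", "203.0.113.50"),
    ("2024-03-04T11:00:00Z", "login",        "carol", None,      "10.1.9.3"),
    ("2024-03-04T11:01:00Z", "mfa_enroll",   "carol", "token-E", "10.1.9.3"),
    ("2024-03-04T11:05:00Z", "mfa_enroll",   "carol", "phone-F", "10.1.9.3"),
]

def detect_secondary_registrations(events):
    """Return alerts for MFA enrollments on accounts that already hold a device."""
    devices = defaultdict(set)    # user -> currently enrolled device ids
    known_ips = defaultdict(set)  # user -> source IPs seen on earlier logins
    alerts = []
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for ts, kind, user, device, ip in sorted(events):
        if kind == "login":
            known_ips[user].add(ip)
        elif kind == "mfa_unenroll":
            devices[user].discard(device)
        elif kind == "mfa_enroll":
            # A replacement after unenrollment is not "secondary"; an extra
            # device alongside an existing one is what gets reported.
            if devices[user] and device not in devices[user]:
                unfamiliar = ip not in known_ips[user]
                alerts.append({
                    "ts": ts, "user": user, "new_device": device,
                    "existing_devices": sorted(devices[user]), "source_ip": ip,
                    "severity": "high" if unfamiliar else "review",
                })
            devices[user].add(device)
    return alerts

if __name__ == "__main__":
    for alert in detect_secondary_registrations(SAMPLE_EVENTS):
        print(alert)
```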