Interactive Attack Flows
Visualize Real-World Attack Sequences
Step-by-step visualizations of documented cyber attacks showing how adversaries chain techniques together to achieve their objectives.
SolarWinds Supply Chain Attack
The SUNBURST attack compromised SolarWinds Orion software updates to gain access to thousands of organizations including government agencies.
APT29 (Cozy Bear) | Government, Technology
- Step 1: Initial Access (T1195.002, Supply Chain Compromise)
- Step 2: Execution (T1569.002, System Services)
- Step 3: Defense Evasion (T1027, Obfuscated Files or Information)
- Step 4: Command and Control (T1071.004, Application Layer Protocol)
- Step 5: Credential Access (T1552.004, Unsecured Credentials)
- Step 6: Lateral Movement (T1550.001, Use Alternate Authentication Material)
Step 1 of 6
T1195.002 | Initial Access
Supply Chain Compromise: Compromise Software Supply Chain
Adversaries compromised the SolarWinds Orion build process to inject malicious code (SUNBURST) into legitimate software updates.
Indicators of Compromise
- Modified DLL files in Orion updates
- Unusual build process modifications
- Code signing with legitimate certificates
Mitigations
- Software supply chain integrity verification
- Code signing validation
- Build process security
