
Lists of Companies Affected by the SolarWinds Hack Have Been Published


Several information security companies have published lists of SolarWinds customers affected by the compromise of the company and the trojanization of its Orion platform. The victims include technology companies, local governments, universities, hospitals, banks, telecom operators and many others.

Notable names include Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense. MediaTek, one of the world’s largest semiconductor manufacturers, is also believed to have been affected, although researchers are not yet 100% sure.

Let me remind you that the malware that spread through malicious versions of Orion (released between March and June 2020) was codenamed SUNBURST (aka Solorigate). According to reports from Microsoft, FireEye, McAfee, Symantec, Kaspersky Lab and the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA), the malware waited 12 to 14 days after installation, then collected information about the victim's network from the infected systems and sent it to the attackers' remote server. If the operators judged the company's network to be of interest, they developed the attack further and continued to collect information.

[Figure: Solorigate attack chain]

According to official figures, of SolarWinds' 300,000 customers only 33,000 used Orion, and the trojanized version of the platform was installed by up to 18,000 of them. Initially it was believed that only SolarWinds itself would be able to identify all the victims, but as other experts continued to study SUNBURST they discovered peculiarities in how the malware works, in particular in how it contacts its C&C server.

It turned out that SUNBURST sent the data collected on the infected network to a C&C URL that was unique for each victim. These unique URLs were subdomains of avsvmcloud[.]com and consisted of four parts, the first of which looked like a random string. Security researchers soon noticed, however, that this string was not random at all: it contained the encoded domain name of the victim's local network.

Let me remind you that, according to FireEye, despite the compromise of 18,000 SolarWinds customers, the hackers continued the attack on the networks of only about 50 companies. Microsoft experts, in turn, wrote that they were able to identify about 40 victims among their own customers.

The attack progressed to the next stage when the avsvmcloud[.]com control server answered the malware's DNS query with a response containing a specific CNAME record. That record carried the address of a second command-and-control server, from which SUNBURST could receive further commands and, in some cases, download additional malware.
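
One way to build the kind of victim table described here from passive DNS data, as an added example (this is not code from the article, from Truesec or from ZDNet): the script below takes passive-DNS records of the form (timestamp, query name, record type, answer), keeps only four-part subdomains of avsvmcloud[.]com, groups them by the leading per-victim label, records when each label was first and last seen (the basis of a "first seen" column), and flags labels that ever received a CNAME answer, which the article identifies as the signal that the operators took the intrusion further. The sample records, the service and region labels in them, and the IP and hostname values are constructed for this example; the script does not decode the label back into the victim's domain name, since the article does not describe that encoding.

```python
from dataclasses import dataclass, field

C2_BASE = "avsvmcloud.com"   # the first-stage C2 domain named in the article


@dataclass
class VictimEntry:
    """Everything passive DNS tells us about one per-victim encoded label."""
    encoded_label: str
    first_seen: str
    last_seen: str
    queries: int = 0
    regions: set = field(default_factory=set)
    cname_targets: set = field(default_factory=set)

    @property
    def escalated(self) -> bool:
        # A CNAME answer is how the second-stage C2 address was delivered.
        return bool(self.cname_targets)


def normalize_name(name: str) -> str:
    """Lower-case, undo '[.]' defanging and drop a trailing dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")


def parse_beacon_name(qname: str):
    """Split a four-part subdomain <encoded>.<label>.<region>.avsvmcloud.com
    into (encoded_label, region); return None for any other shape.

    The article only says the names had four parts with the encoded string
    first; treating the third part as a region is an assumption here."""
    qname = normalize_name(qname)
    suffix = "." + C2_BASE
    if not qname.endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 3 or not all(labels):
        return None
    return labels[0], labels[2]


def triage(records):
    """records: iterable of (iso8601_utc_timestamp, qname, rtype, rdata).
    Returns {encoded_label: VictimEntry}."""
    victims = {}
    for ts, qname, rtype, rdata in records:
        parsed = parse_beacon_name(qname)
        if parsed is None:
            continue                      # not a SUNBURST beacon name
        label, region = parsed
        entry = victims.setdefault(label, VictimEntry(label, ts, ts))
        # ISO 8601 UTC timestamps order correctly as plain strings.
        entry.first_seen = min(entry.first_seen, ts)
        entry.last_seen = max(entry.last_seen, ts)
        entry.queries += 1
        entry.regions.add(region)
        if rtype.upper() == "CNAME":
            entry.cname_targets.add(normalize_name(rdata))
    return victims


def report(victims):
    """Pipe-separated summary, escalated labels first, then by first seen."""
    rows = sorted(victims.values(), key=lambda v: (not v.escalated, v.first_seen))
    lines = ["encoded label | first seen | last seen | queries | regions | CNAME answer"]
    for v in rows:
        lines.append(" | ".join([
            v.encoded_label, v.first_seen, v.last_seen, str(v.queries),
            ",".join(sorted(v.regions)),
            ",".join(sorted(v.cname_targets)) or "-",
        ]))
    return "\n".join(lines)


# Constructed sample records for this example (not real observations): the
# labels, the service/region parts, the IPs (documentation ranges) and the
# CNAME target are all made up.
SAMPLE_RECORDS = [
    ("2020-06-24T09:12:01Z", "x1a2b3c4d5e6f7g8h9j0.appsync-api.eu-west-1.avsvmcloud.com", "A", "198.51.100.7"),
    ("2020-06-25T09:14:40Z", "x1a2b3c4d5e6f7g8h9j0.appsync-api.eu-west-1.avsvmcloud[.]com", "A", "198.51.100.7"),
    ("2020-06-26T10:00:00Z", "x1a2b3c4d5e6f7g8h9j0.appsync-api.eu-west-1.avsvmcloud.com", "CNAME", "stage2.example.net."),
    ("2020-07-07T03:33:33Z", "q9w8e7r6t5y4u3i2o1p0.appsync-api.us-west-2.avsvmcloud.com", "A", "203.0.113.9"),
    ("2020-07-09T00:00:00Z", "z0z0z0z0z0z0z0z0z0z0.appsync-api.us-east-2.avsvmcloud.com", "A", "203.0.113.9"),
    ("2020-07-01T00:00:00Z", "z0z0z0z0z0z0z0z0z0z0.appsync-api.us-east-2.avsvmcloud.com", "A", "203.0.113.9"),
    ("2020-07-02T12:00:00Z", "www.avsvmcloud.com", "A", "203.0.113.1"),   # wrong shape, ignored
    ("2020-07-02T12:00:01Z", "login.example.com", "A", "192.0.2.10"),     # unrelated, ignored
]

if __name__ == "__main__":
    print(report(triage(SAMPLE_RECORDS)))
```

Running the script prints one row per encoded label; only the label that received a CNAME answer is listed as escalated, and the "first seen" value is the earliest timestamp for that label regardless of the order the records arrived in, which is why the label must be used as the grouping key rather than the full query name (the region part can differ between queries from the same victim).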

At present, only one company is known for certain to have been targeted in this second stage: the information security company FireEye, whose response to the attack exposed the SolarWinds compromise in the first place.

ZDNet reports that many in the information security community are now working with content delivery networks, Internet service providers and other companies to collect passive DNS data and track traffic to avsvmcloud[.]com. All of this activity is aimed at identifying other victims whose networks the attackers may also have penetrated in depth. The reporters cite a table compiled by the company Truesec that contains the decoded internal domain names of some of the victims of the SolarWinds compromise. We quote this list below.

Decoded internal name | Potential victim | Response address family | Command | First seen
mnh.rg-law.ac.il | College of Law and Business (Israel) | NetBios | HTTP Backdoor | 2020-05-26
ad001.mtk.lo | MediaTek | NetBios | HTTP Backdoor | 2020-08-26
Aeria | | NetBios | HTTP Backdoor | 2020-06-26
Ameri | | NetBios | HTTP Backdoor | 2020-08-02
ank.com | Ankcom Communications | NetBios | HTTP Backdoor | 2020-06-06
azlcyy | | NetBios | HTTP Backdoor | 2020-08-07
banccentral.com | BancCentral Financial Services Corp. | NetBios | HTTP Backdoor | 2020-07-03
barrie.ca | City of Barrie (Canada) | NetBios | HTTP Backdoor | 2020-05-13
BCC.l | | NetBios | HTTP Backdoor | 2020-08-22
bhq.lan | | NetBios | HTTP Backdoor | 2020-08-18
cds.capilanou. | Capilano University (Canada) | NetBios | HTTP Backdoor | 2020-08-27
Centr | | NetBios | HTTP Backdoor | 2020-06-24
chc.dom | | NetBios | HTTP Backdoor | 2020-08-04
christieclinic. | Christie Telemedicine Clinic | NetBios | HTTP Backdoor | 2020-04-22
CIMBM | | NetBios | HTTP Backdoor | 2020-09-25
CIRCU | | NetBios | HTTP Backdoor | 2020-05-30
CONSO | | NetBios | HTTP Backdoor | 2020-06-17
corp.ptci.com | Pioneer Telephone Scholarship Recipients | NetBios | HTTP Backdoor | 2020-06-19
corp.stingraydi | Stingray | NetBios | HTTP Backdoor | 2020-06-10
corp.stratusnet | Stratus Networks | NetBios | HTTP Backdoor | 2020-04-28
cosgroves.local | Cosgroves | NetBios | HTTP Backdoor | 2020-08-25
COTES | Cotes | NetBios | HTTP Backdoor | 2020-07-25
csnt.princegeor | Prince George (Canada) | NetBios | HTTP Backdoor | 2020-09-18
cys.local | CYS Group | NetBios | HTTP Backdoor | 2020-07-10
digitalsense.co | Digital Sense | NetBios | HTTP Backdoor | 2020-06-24
ehtuh- | | NetBios | HTTP Backdoor | 2020-05-01
escap.org | | NetBios | HTTP Backdoor | 2020-07-10
f.gnam | | NetBios | HTTP Backdoor | 2020-04-04
fhc.local | | NetBios | HTTP Backdoor | 2020-07-06
fidelitycomm.lo | Fidelity Communications | NetBios | HTTP Backdoor | 2020-06-02
fisherbartoninc.com | The Fisher Barton Group | NetBios | HTTP Backdoor | 2020-05-15
fmtn.ad | Town of Farmington | NetBios | HTTP Backdoor | 2020-07-21
FWO.I | | NetBios | HTTP Backdoor | 2020-08-05
ggsg-us.cisco | Cisco GGSG | NetBios | HTTP Backdoor | 2020-06-24
ghsmain1.ggh.g | | NetBios | HTTP Backdoor | 2020-06-09
gxw | | NetBios | HTTP Backdoor | 2020-07-07
htwanmgmt.local | | NetBios | HTTP Backdoor | 2020-07-22
ieb.go.id | | NetBios | HTTP Backdoor | 2020-06-12
int.ncahs.net | | NetBios | HTTP Backdoor | 2020-09-23
internal.jtl.c | | NetBios | HTTP Backdoor | 2020-05-19
ironform.com | Ironform | NetBios | HTTP Backdoor | 2020-06-19
isi | | NetBios | HTTP Backdoor | 2020-07-06
itps.uk.net | Infection Prevention Society | NetBios | HTTP Backdoor | 2020-08-11
jxxyx. | | NetBios | HTTP Backdoor | 2020-06-26
kcpl.com | Kansas City Power and Light Company | NetBios | HTTP Backdoor | 2020-07-07
keyano.local | Keyano College | NetBios | HTTP Backdoor | 2020-06-03
khi0kl | | NetBios | HTTP Backdoor | 2020-08-26
lhc_2f | | NetBios | HTTP Backdoor | 2020-04-18
lufkintexas.net | City of Lufkin (Texas, USA) | NetBios | HTTP Backdoor | 2020-07-07
magnoliaisd.loc | Magnolia Independent School District | NetBios | HTTP Backdoor | 2020-06-01
MOC.l | | NetBios | HTTP Backdoor | 2020-04-30
moncton.loc | City of Moncton (Canada) | NetBios | HTTP Backdoor | 2020-08-25
mountsinai.hosp | Mount Sinai Hospital | NetBios | HTTP Backdoor | 2020-07-02
netdecisions.lo | Netdecisions | NetBios | HTTP Backdoor | 2020-10-04
newdirections.k | | NetBios | HTTP Backdoor | 2020-04-21
nswhealth.net | NSW Health | NetBios | HTTP Backdoor | 2020-06-12
nzi_9p | | NetBios | HTTP Backdoor | 2020-08-04
city.kingston.on.ca | City of Kingston (Canada) | NetBios | HTTP Backdoor | 2020-06-15
dufferincounty.on.ca | Dufferin County (Canada) | NetBios | HTTP Backdoor | 2020-07-17
osb.local | | NetBios | HTTP Backdoor | 2020-04-28
oslerhc.org | William Osler Health System | NetBios | HTTP Backdoor | 2020-07-11
pageaz.gov | City of Page (USA) | NetBios | HTTP Backdoor | 2020-04-19
pcsco.com | Professional Computer Systems | NetBios | HTTP Backdoor | 2020-07-23
pkgix_ | | NetBios | HTTP Backdoor | 2020-07-15
pqcorp.com | PQ Corporation | NetBios | HTTP Backdoor | 2020-07-02
prod.hamilton. | Hamilton Company | NetBios | HTTP Backdoor | 2020-08-19
resprod.com | Res Group | NetBios | HTTP Backdoor | 2020-05-06
RPM.l | | NetBios | HTTP Backdoor | 2020-05-28
sdch.local | South Davis Community Hospital | NetBios | HTTP Backdoor | 2020-05-18
servitia.intern | | NetBios | HTTP Backdoor | 2020-06-16
sfsi.stearnsban | Stearns Bank | NetBios | HTTP Backdoor | 2020-08-02
signaturebank.l | Signature Bank | NetBios | HTTP Backdoor | 2020-06-25
sm-group.local | SM Group | NetBios | HTTP Backdoor | 2020-07-07
te.nz | TE Connectivity | NetBios | HTTP Backdoor | 2020-05-13
thx8xb | | NetBios | HTTP Backdoor | 2020-06-16
tx.org | | NetBios | HTTP Backdoor | 2020-07-15
usd373.org | Newton Public Schools | NetBios | HTTP Backdoor | 2020-08-01
uzq | | NetBios | HTTP Backdoor | 2020-10-02
ville.terrebonn | Ville de Terrebonne | NetBios | HTTP Backdoor | 2020-08-02
wrbaustralia.ad | WR Berkley Insurance Australia | NetBios | HTTP Backdoor | 2020-07-11
ykz | | NetBios | HTTP Backdoor | 2020-07-11
2iqzth | | ImpLink | Enum processes | 2020-06-17
3if.2l | 3IF | ImpLink | Enum processes | 2020-08-20
airquality.org | Sacramento Metropolitan Air Quality Management District | ImpLink | Enum processes | 2020-08-09
ansc.gob.pe | GOB | ImpLink | Enum processes | 2020-07-25
bcofsa.com.ar | Banco de Formosa | ImpLink | Enum processes | 2020-07-13
bi.corp | | ImpLink | Enum processes | 2020-12-14
bop.com.pk | The Bank of Punjab | ImpLink | Enum processes | 2020-09-18
camcity.local | | ImpLink | Enum processes | 2020-08-07
cow.local | | ImpLink | Enum processes | 2020-06-13
deniz.denizbank | DenizBank | ImpLink | Enum processes | 2020-11-14
ies.com | IES Communications | ImpLink | Enum processes | 2020-06-11
insead.org | INSEAD Business School | ImpLink | Enum processes | 2020-11-07
KS.LO | | ImpLink | Enum processes | 2020-07-10
mixonhill.com | Mixon Hill | ImpLink | Enum processes | 2020-04-29
ni.corp.natins | | ImpLink | Enum processes | 2020-10-24
phabahamas.org | Public Health Administration (Caribbean) | ImpLink | Enum processes | 2020-11-05
rbe.sk.ca | Regina Public Schools (Canada) | ImpLink | Enum processes | 2020-08-20
spsd.sk.ca | Saskatoon Public Schools (Canada) | ImpLink | Enum processes | 2020-06-12
yorkton.cofy | Community Options for Families & Youth | ImpLink | Enum processes | 2020-05-08
.sutmf | | Ipx | Update config | 2020-06-25
atg.local | | No Match | Unknown | 2020-05-11
bisco.int | Bisco International | No Match | Unknown | 2020-04-30
ccscurriculum.c | | No Match | Unknown | 2020-04-18
e-idsolutions. | IDSolutions | No Match | Unknown | 2020-07-16
ETC1. | | No Match | Unknown | 2020-08-01
gk5 | | No Match | Unknown | 2020-07-09
grupobazar.loca | | No Match | Unknown | 2020-06-07
internal.hws.o | | No Match | Unknown | 2020-05-23
n2k | | No Match | Unknown | 2020-07-12
publiser.it | | No Match | Unknown | 2020-07-05
us.deloitte.co | Deloitte | No Match | Unknown | 2020-07-08
ush.com | | No Match | Unknown | 2020-06-15
xijtt- | | No Match | Unknown | 2020-07-21
xnet.kz | X NET | No Match | Unknown | 2020-06-09
zu0 | | No Match | Unknown | 2020-08-13
staff.technion.ac.il | | N/A | N/A | N/A
digitalreachinc.com | | N/A | N/A | N/A
orient-express.com | | N/A | N/A | N/A
tr.technion.ac.il | | N/A | N/A | N/A
lasers.state.la.us | | N/A | N/A | N/A
ABLE. | | N/A | N/A | N/A
abmuh_ | | N/A | N/A | N/A
acmedctr.ad | | N/A | N/A | N/A
ad.azarthritis.com | | N/A | N/A | N/A
ad.library.ucla.edu | | N/A | N/A | N/A
ad.optimizely. | | N/A | N/A | N/A
admin.callidusc | | N/A | N/A | N/A
aerioncorp.com | | N/A | N/A | N/A
agloan.ads | | N/A | N/A | N/A
ah.org | | N/A | N/A | N/A
AHCCC | | N/A | N/A | N/A
allegronet.co. | | N/A | N/A | N/A
alm.brand.dk | | N/A | N/A | N/A
amalfi.local | | N/A | N/A | N/A
americas.phoeni | | N/A | N/A | N/A
amr.corp.intel | | N/A | N/A | N/A
apu.mn | | N/A | N/A | N/A
ARYZT | | N/A | N/A | N/A
b9f9hq | | N/A | N/A | N/A
BE.AJ | | N/A | N/A | N/A
belkin.com | | N/A | N/A | N/A
bk.local | | N/A | N/A | N/A
bmrn.com | | N/A | N/A | N/A
bok.com | | N/A | N/A | N/A
btb.az | | N/A | N/A | N/A
c4e-internal.c | | N/A | N/A | N/A
calsb.org | | N/A | N/A | N/A
casino.prv | | N/A | N/A | N/A
cda.corp | | N/A | N/A | N/A
central.pima.g | | N/A | N/A | N/A
cfsi.local | | N/A | N/A | N/A
ch.local | | N/A | N/A | N/A
ci.dublin.ca. | | N/A | N/A | N/A
cisco.com | | N/A | N/A | N/A
corp.dvd.com | | N/A | N/A | N/A
corp.sana.com | | N/A | N/A | N/A
Count | | N/A | N/A | N/A
COWI. | | N/A | N/A | N/A
coxnet.cox.com | | N/A | N/A | N/A
CRIHB | | N/A | N/A | N/A
cs.haystax.loc | | N/A | N/A | N/A
csa.local | | N/A | N/A | N/A
csci-va.com | | N/A | N/A | N/A
csqsxh | | N/A | N/A | N/A
DCCAT | | N/A | N/A | N/A
deltads.ent | | N/A | N/A | N/A
detmir-group.r | | N/A | N/A | N/A
dhhs- | | N/A | N/A | N/A
dmv.state.nv. | | N/A | N/A | N/A
dotcomm.org | | N/A | N/A | N/A
DPCIT | | N/A | N/A | N/A
dskb2x | | N/A | N/A | N/A
e9.2pz | | N/A | N/A | N/A
ebe.co.roanoke.va.us | | N/A | N/A | N/A
ecobank.group | | N/A | N/A | N/A
ecocorp.local | | N/A | N/A | N/A
epl.com | | N/A | N/A | N/A
fremont.lamrc. | | N/A | N/A | N/A
FSAR. | | N/A | N/A | N/A
ftfcu.corp | | N/A | N/A | N/A
gksm.local | | N/A | N/A | N/A
gloucesterva.ne | | N/A | N/A | N/A
glu.com | | N/A | N/A | N/A
gnb.local | | N/A | N/A | N/A
gncu.local | | N/A | N/A | N/A
gsf.cc | | N/A | N/A | N/A
gyldendal.local | | N/A | N/A | N/A
helixwater.org | | N/A | N/A | N/A
hgvc.com | | N/A | N/A | N/A
ia.com | | N/A | N/A | N/A
inf.dc.net | | N/A | N/A | N/A
ingo.kg | | N/A | N/A | N/A
innout.corp | | N/A | N/A | N/A
int.lukoil-international.uz | | N/A | N/A | N/A
intensive.int | | N/A | N/A | N/A
ions.com | | N/A | N/A | N/A
its.iastate.ed | | N/A | N/A | N/A
jarvis.lab | | N/A | N/A | N/A
-jlowd | | N/A | N/A | N/A
jn05n8 | | N/A | N/A | N/A
jxb3eh | | N/A | N/A | N/A
k.com | | N/A | N/A | N/A
LABEL | | N/A | N/A | N/A
milledgeville.l | | N/A | N/A | N/A
nacr.com | | N/A | N/A | N/A
ncpa.loc | | N/A | N/A | N/A
neophotonics.co | | N/A | N/A | N/A
net.vestfor.dk | | N/A | N/A | N/A
nih.if | | N/A | N/A | N/A
nvidia.com | | N/A | N/A | N/A
on-pot | | N/A | N/A | N/A
ou0yoy | | N/A | N/A | N/A
paloverde.local | | N/A | N/A | N/A
pl8uw0 | | N/A | N/A | N/A
q9owtt | | N/A | N/A | N/A
rai.com | | N/A | N/A | N/A
rccf.ru | | N/A | N/A | N/A
repsrv.com | | N/A | N/A | N/A
ripta.com | | N/A | N/A | N/A
roymerlin.com | | N/A | N/A | N/A
rs.local | | N/A | N/A | N/A
rst.atlantis-pak.ru | | N/A | N/A | N/A
sbywx3 | | N/A | N/A | N/A
sc.pima.gov | | N/A | N/A | N/A
scif.com | | N/A | N/A | N/A
SCMRI | | N/A | N/A | N/A
scroot.com | | N/A | N/A | N/A
seattle.interna | | N/A | N/A | N/A
securview.local | | N/A | N/A | N/A
SFBAL | | N/A | N/A | N/A
SF-Li | | N/A | N/A | N/A
siskiyous.edu | | N/A | N/A | N/A
sjhsagov.org | | N/A | N/A | N/A
Smart | | N/A | N/A | N/A
smes.org | | N/A | N/A | N/A
sos-ad.state.nv.us | | N/A | N/A | N/A
sro.vestfor.dk | | N/A | N/A | N/A
superior.local | | N/A | N/A | N/A
swd.local | | N/A | N/A | N/A
ta.org | | N/A | N/A | N/A
taylorfarms.com | | N/A | N/A | N/A
thajxq | | N/A | N/A | N/A
thoughtspot.int | | N/A | N/A | N/A
tsyahr | | N/A | N/A | N/A
tv2.local | | N/A | N/A | N/A
uis.kent.edu | | N/A | N/A | N/A
uncity.dk | | N/A | N/A | N/A
uont.com | | N/A | N/A | N/A
viam-invenient | | N/A | N/A | N/A
vms.ad.varian.com | | N/A | N/A | N/A
vsp.com | | N/A | N/A | N/A
WASHO | | N/A | N/A | N/A
weioffice.com | | N/A | N/A | N/A
wfhf1.hewlett. | | N/A | N/A | N/A
woodruff-sawyer | | N/A | N/A | N/A
HQ.RE-wwgi2xnl | | N/A | N/A | N/A
xdxinc.net | | N/A | N/A | N/A
y9k.in | | N/A | N/A | N/A
zeb.i8 | | N/A | N/A | N/A
zippertubing.co | | N/A | N/A | N/A
