<p>CSIRT Panamá Advisory 2020-12-18: Vulnerability and exploitation campaign in SolarWinds Orion<br>
Published: 2020-12-18<br>
https://cert.pa/?p=2461</p>

<p>Severity: High<br>
Publication date: December 18, 2020<br>
Last revision: December 18, 2020<br>
https://us-cert.cisa.gov/ncas/alerts/aa20-352a</p>

<p>Affected systems:<br>
SolarWinds Orion Platform, versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1, in the following products:<br>
Application Centric Monitor (ACM),<br>
Database Performance Analyzer Integration Module (DPAIM),<br>
Enterprise Operations Console (EOC),<br>
High Availability (HA),<br>
IP Address Manager (IPAM),<br>
Log Analyzer (LA),<br>
Network Automation Manager (NAM),<br>
Network Configuration Manager (NCM),<br>
Network Operations Manager (NOM),<br>
Network Performance Monitor (NPM),<br>
NetFlow Traffic Analyzer (NTA),<br>
Server &amp; Application Monitor (SAM),<br>
Server Configuration Monitor (SCM),<br>
Storage Resource Monitor (SCM),<br>
User Device Tracker (UDT),<br>
Virtualization Manager (VMAN),<br>
VoIP &amp; Network Quality Manager (VNQM),<br>
Web Performance Monitor (WPM).</p>

<p>I. Description<br>
FireEye has discovered a supply-chain attack that trojanized updates to the SolarWinds Orion enterprise software in order to distribute a backdoor-type malware named SUNBURST.<br>
The campaign, whose responsible actors are tracked as UNC2452, is widespread and affects public and private organizations around the world.<br>
The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results in legitimate plugin configuration files, which lets it blend in with legitimate SolarWinds activity.<br>
The backdoor uses multiple obfuscated blocklists to identify forensic and antivirus tools running as processes, services and drivers.<br>
Activity following this supply-chain compromise has included lateral movement and data theft. FireEye is releasing signatures to detect this threat.</p>

<p>II. Reference to solutions, tools and information<br>
For Orion Platform v2020.2 with no hotfix and 2020.2 HF 1, upgrade to version 2020.2.1 HF 2. This version replaces the compromised component and provides several additional security improvements.<br>
For Orion Platform v2019.4 HF 5, upgrade to version 2019.4 HF 6.<br>
Upgrading SolarWinds Orion Platform to these versions as soon as possible is recommended, since this vulnerability could be under active exploitation.</p>

<p>III. Contact information<br>
CSIRT PANAMA<br>
Computer Security Incident Response Team, Autoridad Nacional para la Innovación Gubernamental<br>
E-Mail: info@cert.pa<br>
Phone: +507 520-CERT (2378)<br>
Web: https://cert.pa<br>
Twitter: @CSIRTPanama<br>
Facebook: http://www.facebook.com/CSIRTPanama<br>
Key ID: 16F2B124</p>