Case Study
SUNBURST: Mapping Malicious Activity Using Farsight Historical Passive DNS
This case study analyzes the SUNBURST supply chain compromise, in which attackers trojanized SolarWinds software updates to gain access to government and private sector networks. It shows how analysts can rapidly examine and visualize the scale and scope of the malware's activity, during or after an incident, using Farsight DNSDB passive DNS data integrated with Maltego. By dissecting the SUNBURST attack pattern and malware behavior, including its multi-stage flow as overviewed by FireEye, the study shows how DomainTools' DNSDB, with its large historical passive DNS dataset, supports comprehensive mapping of malicious domains, timeline reconstruction of attacker movements, precise visualization of compromise breadth, and accelerated post-attack forensi
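The kind of passive DNS pivoting the case study describes, as an added example that is not part of the original page or of DomainTools' own tooling: given a set of historical rrset records, it filters for names under a known C2 apex, reconstructs the activity window from first-seen/last-seen timestamps, groups names by shared rdata, and follows CNAME targets to discover second-stage infrastructure. The record shape (one JSON object per line with rrname, rrtype, rdata, time_first, time_last, count) is an assumption modeled on DNSDB rrset output; the apex `c2.example`, the subdomain labels, the staging domain and the addresses are all constructed for the example (FireEye's public write-up documented the real SUNBURST apex as avsvmcloud.com, with subdomains under an appsync-api.<region> label, which the constructed names imitate).

```python
"""Pivot through passive DNS records to map a C2 apex and its related infrastructure.

Added example, not from the original case study. The record layout below is an
assumption modeled on DNSDB rrset results; all names and addresses are invented.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in newline-delimited JSON (assumed DNSDB-like field names).
SAMPLE_NDJSON = """\
{"rrname": "7sbvaemscs0mc925tb99.appsync-api.eu-west-1.c2.example.", "rrtype": "CNAME", "rdata": ["stage2.staging.example."], "time_first": 1592092800, "time_last": 1594684800, "count": 12}
{"rrname": "6a57jk2ba1d9keg15cbg.appsync-api.us-east-1.c2.example.", "rrtype": "A", "rdata": ["10.0.0.1"], "time_first": 1591660800, "time_last": 1591747200, "count": 2}
{"rrname": "k5kcubuassl3alrf7gm3.appsync-api.us-east-2.c2.example.", "rrtype": "CNAME", "rdata": ["stage2.staging.example."], "time_first": 1593302400, "time_last": 1596499200, "count": 30}
{"rrname": "stage2.staging.example.", "rrtype": "A", "rdata": ["198.51.100.23"], "time_first": 1591574400, "time_last": 1596585600, "count": 140}
{"rrname": "www.unrelated.example.", "rrtype": "A", "rdata": ["203.0.113.9"], "time_first": 1500000000, "time_last": 1600000000, "count": 9999}
"""


def parse_records(ndjson_text):
    """Parse one JSON record per line, skipping blank lines."""
    return [json.loads(line) for line in ndjson_text.splitlines() if line.strip()]


def _norm(name):
    """Lower-case and strip the trailing dot so names compare reliably."""
    return name.lower().rstrip(".")


def is_under(name, apex):
    """True if name equals apex or is a subdomain of it (label-aligned, not a substring match)."""
    n, a = _norm(name), _norm(apex)
    return n == a or n.endswith("." + a)


def records_under(records, apex):
    """Keep only records whose owner name sits under the apex of interest."""
    return [r for r in records if is_under(r["rrname"], apex)]


def _day(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d")


def activity_window(records):
    """Earliest first-seen and latest last-seen day across the records, as UTC dates."""
    return _day(min(r["time_first"] for r in records)), _day(max(r["time_last"] for r in records))


def timeline(records):
    """Records ordered by first-seen so the analyst reads the campaign in sequence."""
    return sorted((_day(r["time_first"]), _day(r["time_last"]), _norm(r["rrname"]), r["rrtype"])
                  for r in records)


def pivot_on_rdata(records, rrtype=None):
    """Map each rdata value to the names that pointed at it; shared rdata is the next pivot."""
    pivots = defaultdict(set)
    for r in records:
        if rrtype and r["rrtype"] != rrtype:
            continue
        for rd in r["rdata"]:
            pivots[_norm(rd)].add(_norm(r["rrname"]))
    return {k: sorted(v) for k, v in pivots.items()}


def expand_via_cname(records, apex, depth=2):
    """Breadth-first follow of CNAME targets under apex to find related (e.g. second-stage) domains."""
    seen = {_norm(apex)}
    frontier = [_norm(apex)]
    for _ in range(depth):
        nxt = []
        for name in frontier:
            for r in records_under(records, name):
                if r["rrtype"] != "CNAME":
                    continue
                for target in r["rdata"]:
                    t = _norm(target)
                    if t not in seen:
                        seen.add(t)
                        nxt.append(t)
        frontier = nxt
    return sorted(seen)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_NDJSON)
    under = records_under(recs, "c2.example")
    print("activity window:", activity_window(under))
    for row in timeline(under):
        print("  ", row)
    print("CNAME pivots:", pivot_on_rdata(under, "CNAME"))
    print("related infrastructure:", expand_via_cname(recs, "c2.example"))
```

With a real DNSDB export the only change is feeding the rrset lookup results into `parse_records`; the pivot and expansion steps are what an analyst would then visualize as a Maltego graph, with the activity window giving the timeline axis.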
