false

SolarWinds Cyberattack

Learn how it affects you, us and the world.

Read our CISO's response
Watch the Video

How the SolarWinds cyberattacks work

The SolarWinds cyberattack campaign — also called Solorigate or simply the SolarWinds hack — leverages vulnerabilities in SolarWinds Orion software to accomplish a supply chain attack. Malware was embedded into the digitally-signed software and multiple organizations were compromised as a result. The nature and extent of the situation continues to develop, but at least two distinct malware threats — Sunburst and Supernova — have been identified.
Learn About the Sunburst Malware
Learn About the Supernova Malware
Solarwinds Cyberattack

How Splunk can help
Review and update your log types
Review and update your log types ingested into Splunk, then examine DNS, network, and host traffic logs for evidence of Sunburst malware activity.
Examine results of vulnerability scans
Examine results of vulnerability scans, hashes and proxy logs for evidence of Supernova webshell.
Search for unusual activity
Search for unusual activity from your directory and authentication providers for indications of a follow-on attack.
Look for other signs of lateral movement
Look for other signs of lateral movement from compromised hosts.
Expand monitoring across your IT infrastructure
Expand monitoring across your IT infrastructure and your entire software development lifecycle (SDLC)
FEATURED VIDEO

Security experts discuss the SolarWinds attack

Join security experts from Splunk for an in-depth discussion about the SolarWinds attack, and learn best practices and strategies to strengthen your defenses and respond..

Use the navigation button at the top right of the video to jump to the discussion topic of your choice.
Watch the Video
Solarwinds Featured Video Solarwinds Featured Video
play video Light

Splunk Solutions for Security, IT and DevOps
Security TEAMS

Detect indicators in your environment

Streamline the onboarding process and search for threat indicators in your environment.
Easily onboard threat indicators
security-teams-graphic
Recover lost visibility of IT infrastructure
IT TEAMS

Recover lost visibility of IT infrastructure

Without SolarWinds Orion software, you lose visibility. Restore visibility with Splunk and monitor the health and operations of your IT infrastructure.
Recover lost IT visibility
DevOps Teams

Protect your application development resources

Gain visibility into your software delivery chain from code repositories, secrets management, infrastructure-as-code, CI/CD automation and more. This can help your organization detect unauthorized changes to production applications and protect your customers.
Learn how to secure your SDLC
Protect your application development resources
We’re here to help with your Security, IT and DevOps response.
Contact Us
Legal
Privacy
Sitemap
Cookies / Do not sell or share my personal data
Website Terms of Use
Modern Slavery

© 2005 - 2025 Splunk LLC All rights reserved.