SolarWinds reports the latest findings of its investigation into the supply chain attack against SolarWinds that came to light in December 2020
We now estimate that the actual number of customers who were hacked through SUNBURST to be fewer than 100. It’s important to note that this group of up to 18,000 downloads includes two significant groups that could not have been affected by SUNBURST due to the inability of the malicious code to contact the threat actor command-and-control server: (1) those customers who did not install the downloaded version and (2) those customers who did install the affected version, but only did so on a server without access to the internet. Among a third group of customers, those whose affected servers accessed the internet, we believe, based on sample DNS data, only a very small proportion saw any activity with the command-and-control server deployed by the threat actor. This statistical analysis of the same DNS data leads to our belief that fewer than 100 customers had servers that communicated with the threat actor. This information is consistent with estimates provided by U.S. government entities and other researchers, and consistent with the presumption the attack was highly targeted.