Cisco AMP for Endpoints Announcement – SolarWinds Supply Chain Attack
Cisco Talos is monitoring announcements by FireEye and Microsoft that a possible nation-state actor used SolarWinds Orion to compromise high-value government and private organizations globally. You may see retrospective detection alerts named ‘Win.Backdoor.SUNBURST.tii.Talos’, which are based on ongoing threat intelligence and hunting activities. This is NOT a false positive, and you should respond accordingly given the SolarWinds Security Advisory.
See the latest Cisco Talos blog post for information, updates, and detection guidance.