Alert

TTP Table for Detecting APT Activity Related to SolarWinds Compromise

CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds Orion supply chain compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations. This information will assist network defenders in detecting and responding to this activity.

CISA encourages network defenders to review [SolarWinds: Detecting Advanced Persistent Threat Activity from Known Tactics, Techniques, and Procedures] and implement the recommendations. CISA also recommends network defenders review the following resources regarding this incident:
