Supply Chain Attacks – The Supply Chain Strikes Back

An article by Verena Eichinger, Amelie Kassner and Elisa Zeller


