Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SolarWinds Victims Revealed After Cracking The Sunburst Malware DGA

SolarWinds Victims Revealed After Cracking The Sunburst Malware DGA

Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack.

One of these lists—shared by cybersecurity firm Truesec—includes high-profile tech companies such as Intel, Nvidia, Cisco, Cox Communications, and Belkin, to name just a few.

Mediatek, the world’s second-largest provider of fabless semiconductors, might have also been specifically targeted in this campaign but TrueSec hasn’t yet fully confirmed the breach at this point.

How lists of SolarWinds victims were built

To build the list of victims infected with the Sunburst backdoor via the compromised update mechanism of the SolarWinds Orion IT management platform, the researchers decoded a dynamically generated part of the C2 subdomain for each of the compromised devices.

The list of encoded C2 subdomains used by the Sunburst malware was harvested from passive DNS (pDNS) datasets and web traffic pointing to the main avsvmcloud[.]com C2 domain contacted by the backdoor to exfiltrate stolen data.

Also Read: Key PDPA Amendments 2019/2020 You Should Know

By decoding this list of subdomains generated by the malware’s domain generation algorithm (DGA), TrueSec and other security firms including QiAnXin RedDripKaspersky, and Prevasio [12], were able to find many well-known organizations that have already or may disclose targeted attacks later on.

Decoded backdoor C2 subdomain URLs (RedDrip Team)

Organizations breached by the SolarWinds hackers

While Microsoft also found that more than 40 of its customers had their networks infiltrated following the SolarWinds supply chain attack, the company notified them but did not disclose their identity. Redmond did say that 80% of the victims were from the US and 44% were in the IT sector.

FireEyeMicrosoft, and VMware were also breached by the hackers behind the SolarWinds supply chain attack but only FireEye was targeted for the second stage of the attack and had information stolen from its network.

Even though SolarWinds said that the malicious Orion updates were installed by roughly 18,000 customers in this attack, the threat actors who orchestrated it (tracked by FireEye as UNC2452 and by Volexity as Dark Halo) only targeted ‘high value’ orgs for further exploitation.

The known list of organizations hit by the SolarWinds supply chain attack also includes multiple US states and government agencies:

SunBurst victims by sector (Microsoft)

The (partial) end result

TrueSec’s extensive list of decoded Sunburst C2 subdomains provides a list of internal organization names that weren’t only infected with the backdoor but were also individually targeted and where the hackers likely escalated their attacks to further internal compromise.

“We have decoded the DGA parts of the requests to identify internal domain names of compromised organizations, correlated that with the responses received from the threat actor server, and mapped them with the hardcoded list of IP ranges in the backdoor code,” TrueSec said.

This allowed the researchers to get a partial list of breached organizations, as well as pinpoint the ones which were singled out by the hacking group for the second stage of the attack.

“This list contains the decoded values of internal domain names. We can therefore only assume that they belong to an organization based on the name of the domains and publicly available information,” TrueSec added.

“More information will be disclosed during the upcoming months but the full extent of this breach will most likely never be communicated to the public, and instead will be restricted to trusted parts of the intelligence community.”

The current list of decoded internal names for some of the companies that were breached by the SolarWinds hackers is embedded below (the organization names might be inaccurate given that they are based on decoded internal names).

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

Decoded Internal NameOrganization
(possibly inaccurate)
Response Address FamilyCommandFirst Seen of Law and Business,
NetBiosHTTP Backdoor2020-05-26
ad001.mtk.loMediatekNetBiosHTTP Backdoor2020-08-26
Aeria NetBiosHTTP Backdoor2020-06-26
Ameri NetBiosHTTP Backdoor2020-08-02
ank.comAnkcom CommunicationsNetBiosHTTP Backdoor2020-06-06
azlcyy NetBiosHTTP Backdoor2020-08-07
banccentral.comBancCentral Financial
Services Corp.
NetBiosHTTP Backdoor2020-07-03
barrie.caCity of BarrieNetBiosHTTP Backdoor2020-05-13
BCC.l NetBiosHTTP Backdoor2020-08-22
bhq.lan NetBiosHTTP Backdoor2020-08-18
cds.capilanou.Capilano UniversityNetBiosHTTP Backdoor2020-08-27
Centr NetBiosHTTP Backdoor2020-06-24
chc.dom NetBiosHTTP Backdoor2020-08-04
christieclinic.Christie Clinic TelehealthNetBiosHTTP Backdoor2020-04-22
CIMBM NetBiosHTTP Backdoor2020-09-25
CIRCU NetBiosHTTP Backdoor2020-05-30
CONSO NetBiosHTTP Backdoor2020-06-17
corp.ptci.comPioneer Telephone
Scholarship Recipients
NetBiosHTTP Backdoor2020-06-19
corp.stingraydiStingray (Media and
NetBiosHTTP Backdoor2020-06-10
corp.stratusnetStratus NetworksNetBiosHTTP Backdoor2020-04-28
cosgroves.localCosgroves (Building services
NetBiosHTTP Backdoor2020-08-25
COTESCotes (Humidity Management)NetBiosHTTP Backdoor2020-07-25
csnt.princegeorCity of Prince GeorgeNetBiosHTTP Backdoor2020-09-18
cys.localCYS Group (Marketing analytics)NetBiosHTTP Backdoor2020-07-10
digitalsense.coDigital Sense (Cloud Services)NetBiosHTTP Backdoor2020-06-24
ehtuh- NetBiosHTTP Backdoor2020-05-01 NetBiosHTTP Backdoor2020-07-10
f.gnam NetBiosHTTP Backdoor2020-04-04
fhc.local NetBiosHTTP Backdoor2020-07-06
fidelitycomm.loFidelity Communications (ISP)NetBiosHTTP Backdoor2020-06-02
fisherbartoninc.comThe Fisher Barton Group
(Blade Manufacturer)
NetBiosHTTP Backdoor2020-05-15
fmtn.adCity of FarmingtonNetBiosHTTP Backdoor2020-07-21
FWO.I NetBiosHTTP Backdoor2020-08-05
ggsg-us.ciscoCisco GGSGNetBiosHTTP Backdoor2020-06-24
ghsmain1.ggh.g NetBiosHTTP Backdoor2020-06-09
gxw NetBiosHTTP Backdoor2020-07-07
htwanmgmt.local NetBiosHTTP Backdoor2020-07-22 NetBiosHTTP Backdoor2020-06-12 NetBiosHTTP Backdoor2020-09-23
internal.jtl.c NetBiosHTTP Backdoor2020-05-19
ironform.comIronform (metal fabrication)NetBiosHTTP Backdoor2020-06-19
isi NetBiosHTTP Backdoor2020-07-06 Prevention Society (IPS)NetBiosHTTP Backdoor2020-08-11
jxxyx. NetBiosHTTP Backdoor2020-06-26
kcpl.comKansas City Power and
Light Company
NetBiosHTTP Backdoor2020-07-07
keyano.localKeyano CollegeNetBiosHTTP Backdoor2020-06-03
khi0kl NetBiosHTTP Backdoor2020-08-26
lhc_2f NetBiosHTTP Backdoor2020-04-18
lufkintexas.netLufkin (City in Texas)NetBiosHTTP Backdoor2020-07-07
magnoliaisd.locMagnolia Independent
School District
NetBiosHTTP Backdoor2020-06-01
MOC.l NetBiosHTTP Backdoor2020-04-30
moncton.locCity of MonctonNetBiosHTTP Backdoor2020-08-25
mountsinai.hospMount Sinai HospitalNetBiosHTTP Backdoor2020-07-02
netdecisions.loNetdecisions (IT services)NetBiosHTTP Backdoor2020-10-04
newdirections.k NetBiosHTTP Backdoor2020-04-21
nswhealth.netNSW HealthNetBiosHTTP Backdoor2020-06-12
nzi_9p NetBiosHTTP Backdoor2020-08-04
city.kingston.on.caCity of Kingston,
Ontario, Canada
NetBiosHTTP Backdoor2020-06-15
dufferincounty.on.caDufferin County,
Ontario, Canada
NetBiosHTTP Backdoor2020-07-17
osb.local NetBiosHTTP Backdoor2020-04-28
oslerhc.orgWilliam Osler Health SystemNetBiosHTTP Backdoor2020-07-11
pageaz.govCity of PageNetBiosHTTP Backdoor2020-04-19
pcsco.comProfessional Computer SystemsNetBiosHTTP Backdoor2020-07-23
pkgix_ NetBiosHTTP Backdoor2020-07-15
pqcorp.comPQ CorporationNetBiosHTTP Backdoor2020-07-02
prod.hamilton.Hamilton CompanyNetBiosHTTP Backdoor2020-08-19
resprod.comRes Group (Renewable
energy company)
NetBiosHTTP Backdoor2020-05-06
RPM.l NetBiosHTTP Backdoor2020-05-28
sdch.localSouth Davis
Community Hospital
NetBiosHTTP Backdoor2020-05-18
servitia.intern NetBiosHTTP Backdoor2020-06-16
sfsi.stearnsbanStearns BankNetBiosHTTP Backdoor2020-08-02
signaturebank.lSignature BankNetBiosHTTP Backdoor2020-06-25
sm-group.localSM Group (Distribution)NetBiosHTTP Backdoor2020-07-07
te.nzTE Connectivity (Sensor
NetBiosHTTP Backdoor2020-05-13
thx8xb NetBiosHTTP Backdoor2020-06-16 NetBiosHTTP Backdoor2020-07-15
usd373.orgNewton Public SchoolsNetBiosHTTP Backdoor2020-08-01
uzq NetBiosHTTP Backdoor2020-10-02
ville.terrebonnVille de TerrebonneNetBiosHTTP Backdoor2020-08-02
wrbaustralia.adW. R. Berkley Insurance AustraliaNetBiosHTTP Backdoor2020-07-11
ykz NetBiosHTTP Backdoor2020-07-11
2iqzth ImpLinkEnum processes2020-06-17
3if.2l3IF (Industrial Internet)ImpLinkEnum processes2020-08-20
airquality.orgSacramento Metropolitan
Air Quality Management District
ImpLinkEnum processes2020-08-09
ansc.gob.peGOB (Digital Platform of
the Peruvian State)
ImpLinkEnum processes2020-07-25 de FormosaImpLinkEnum processes2020-07-13
bi.corp ImpLinkEnum processes2020-12-14 Bank of PunjabImpLinkEnum processes2020-09-18
camcity.local ImpLinkEnum processes2020-08-07
cow.local ImpLinkEnum processes2020-06-13
deniz.denizbankDenizBankImpLinkEnum processes2020-11-14
ies.comIES Communications
(Communications technology)
ImpLinkEnum processes2020-06-11
insead.orgINSEAD Business SchoolImpLinkEnum processes2020-11-07
KS.LO ImpLinkEnum processes2020-07-10
mixonhill.comMixon Hill (intelligent
transportation systems)
ImpLinkEnum processes2020-04-29
ni.corp.natins ImpLinkEnum processes2020-10-24
phabahamas.orgPublic Hospitals Authority,
ImpLinkEnum processes2020-11-05 Public SchoolsImpLinkEnum processes2020-08-20 Public SchoolsImpLinkEnum processes2020-06-12
yorkton.cofyCommunity Options for
Families & Youth
ImpLinkEnum processes2020-05-08
.sutmf IpxUpdate config2020-06-25
atg.local No MatchUnknown2020-05-11
bisco.intBisco International
(Adhesives and tapes)
No MatchUnknown2020-04-30
ccscurriculum.c No MatchUnknown2020-04-18
e-idsolutions.IDSolutions (video conferencing)No MatchUnknown2020-07-16
ETC1. No MatchUnknown2020-08-01
gk5 No MatchUnknown2020-07-09
grupobazar.loca No MatchUnknown2020-06-07
internal.hws.o No MatchUnknown2020-05-23
n2k No MatchUnknown2020-07-12 No MatchUnknown2020-07-05 MatchUnknown2020-07-08 No MatchUnknown2020-06-15
xijtt- No MatchUnknown2020-07-21
xnet.kzX NET (IT provider in Kazakhstan)No MatchUnknown2020-06-09
zu0 No MatchUnknown2020-08-13 N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A
ad.optimizely. N/AN/AN/A
admin.callidusc N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A
amalfi.local N/AN/AN/A
americas.phoeni N/AN/AN/A N/AN/AN/A N/AN/AN/A
b9f9hq N/AN/AN/A
bk.local N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A
c4e-internal.c N/AN/AN/A N/AN/AN/A
casino.prv N/AN/AN/A
cda.corp N/AN/AN/A
central.pima.g N/AN/AN/A
cfsi.local N/AN/AN/A
Count N/AN/AN/A
cs.haystax.loc N/AN/AN/A
csa.local N/AN/AN/A N/AN/AN/A
csqsxh N/AN/AN/A
deltads.ent N/AN/AN/A
detmir-group.r N/AN/AN/A
dhhs- N/AN/AN/A
dmv.state.nv. N/AN/AN/A N/AN/AN/A
dskb2x N/AN/AN/A
e9.2pz N/AN/AN/A N/AN/AN/A N/AN/AN/A
ecocorp.local N/AN/AN/A N/AN/AN/A
fremont.lamrc. N/AN/AN/A
ftfcu.corp N/AN/AN/A
gksm.local N/AN/AN/A N/AN/AN/A N/AN/AN/A
gnb.local N/AN/AN/A
gncu.local N/AN/AN/A N/AN/AN/A
gyldendal.local N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A
innout.corp N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A
its.iastate.ed N/AN/AN/A
jarvis.lab N/AN/AN/A
-jlowd N/AN/AN/A
jn05n8 N/AN/AN/A
jxb3eh N/AN/AN/A N/AN/AN/A
milledgeville.l N/AN/AN/A N/AN/AN/A
ncpa.loc N/AN/AN/A N/AN/AN/A N/AN/AN/A
nih.if N/AN/AN/A N/AN/AN/A
on-pot N/AN/AN/A
ou0yoy N/AN/AN/A
paloverde.local N/AN/AN/A
pl8uw0 N/AN/AN/A
rs.local N/AN/AN/A N/AN/AN/A
sbywx3 N/AN/AN/A N/AN/AN/A N/AN/AN/A
seattle.interna N/AN/AN/A
securview.local N/AN/AN/A
superior.local N/AN/AN/A
swd.local N/AN/AN/A N/AN/AN/A N/AN/AN/A
thajxq N/AN/AN/A N/AN/AN/A
tsyahr N/AN/AN/A
tv2.local N/AN/AN/A N/AN/AN/A N/AN/AN/A N/AN/AN/A
viam-invenient N/AN/AN/A N/AN/AN/A N/AN/AN/A
wfhf1.hewlett. N/AN/AN/A
woodruff-sawyer N/AN/AN/A
HQ.RE-wwgi2xnl N/AN/AN/A N/AN/AN/A N/AN/AN/A
zeb.i8 N/AN/AN/A N/AN/AN/A



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us