At Prevasio, we started to narrow down those potentially affected by the SolarWinds hack, as Sunburst used a DGA (Domain Generation Algorithm) that gives us a glimpse into who may have been infected.
The list (with disclaimers) follows:
Decoded Domain | Mapping (Could Be Inaccurate) |
--- | --- |
hgvc.com | Hilton Grand Vacations |
Amerisaf | AMERISAFE, Inc. |
kcpl.com | Kansas City Power and Light Company |
SFBALLET | San Francisco Ballet |
scif.com | State Compensation Insurance Fund |
LOGOSTEC | Logostec Ventilação Industrial |
ARYZTA.C | ARYZTA Food Solutions |
bmrn.com | BioMarin Pharmaceutical Inc. |
AHCCCS.S | Arizona Health Care Cost Containment System |
nnge.org | Next Generation Global Education |
cree.com | Cree, Inc (semiconductor products) |
calsb.org | The State Bar of California |
rbe.sk.ca | Regina Public Schools |
cisco.com | Cisco Systems |
pcsco.com | Professional Computer Systems |
barrie.ca | City of Barrie |
ripta.com | Rhode Island Public Transit Authority |
uncity.dk | UN City (Building in Denmark) |
bisco.int | Boambee Industrial Supplies (Bisco) |
haifa.edu | University of Haifa |
smsnet.pl | SMSNET, Poland |
fcmat.org | Fiscal Crisis and Management Assistance Team |
wiley.com | Wiley (publishing) |
ciena.com | Ciena (networking systems) |
belkin.com | Belkin |
spsd.sk.ca | Saskatoon Public Schools |
pqcorp.com | PQ Corporation |
ftfcu.corp | First Tech Federal Credit Union |
bop.com.pk | The Bank of Punjab |
nvidia.com | NVidia |
insead.org | INSEAD (non-profit, private university) |
usd373.org | Newton Public Schools |
agloan.ads | American AgCredit |
pageaz.gov | City of Page |
jarvis.lab | Erich Jarvis Lab |
ch2news.tv | Channel 2 (Israeli TV channel) |
bgeltd.com | Bradford / Hammacher Remote Support Software |
dsh.ca.gov | California Department of State Hospitals |
dotcomm.org | Douglas Omaha Technology Commission |
sc.pima.gov | Arizona Superior Court in Pima County |
itps.uk.net | Infection Prevention Society (IPS) |
moncton.loc | City of Moncton |
acmedctr.ad | Alameda Health System |
csci-va.com | Computer Systems Center Incorporated |
Redacted† | (law firm – redacted) |
keyano.local | Keyano College |
uis.kent.edu | Kent State University |
alm.brand.dk | Sydbank Group (Banking, Denmark) |
ironform.com | Ironform (metal fabrication) |
corp.ncr.com | NCR Corporation |
ap.serco.com | Serco Asia Pacific |
int.sap.corp | SAP |
mmhs-fla.org | Cleveland Clinic Martin Health |
nswhealth.net | NSW Health |
mixonhill.com | Mixon Hill (intelligent transportation systems) |
bcofsa.com.ar | Banco de Formosa |
ci.dublin.ca. | Dublin, City in California |
siskiyous.edu | College of the Siskiyous |
weioffice.com | Walton Family Foundation |
ecobank.group | Ecobank Group (Africa) |
corp.sana.com | Sana Biotechnology |
med.ds.osd.mi | US Gov Information System |
wz.hasbro.com | Hasbro (Toy company) |
its.iastate.ed | Iowa State University |
amr.corp.intel | Intel |
cds.capilanou. | Capilano University |
e-idsolutions. | IDSolutions (video conferencing) |
helixwater.org | Helix Water District |
detmir-group.r | Detsky Mir (Russian children’s retailer) |
int.lukoil-int | LUKOIL (Oil and gas company, Russia) |
ad.azarthritis | Arizona Arthritis and Rheumatology Associates |
net.vestfor.dk | Vestforbrænding |
allegronet.co. | Allegronet (Cloud based services, Israel) |
us.deloitte.co | Deloitte |
central.pima.g | Pima County Government |
city.kingston. | Kingston City, Australia |
staff.technion | Technion – Israel Institute of Technology |
airquality.org | Sacramento Metropolitan Air Quality Management District |
phabahamas.org | Public Hospitals Authority, Caribbean |
parametrix.com | Parametrix (Engineering) |
ad.checkpoint. | Check Point |
corp.riotinto. | Rio Tinto (Mining company, Australia) |
intra.rakuten. | Rakuten |
us.rwbaird.com | Robert W. Baird & Co. (Financial services) |
ville.terrebonn | Ville de Terrebonne |
woodruff-sawyer | Woodruff-Sawyer & Co., Inc. |
fisherbartoninc | Fisher Barton Group |
banccentral.com | BancCentral Financial Services Corp. |
taylorfarms.com | Taylor Fresh Foods |
neophotonics.co | NeoPhotonics (optoelectronic devices) |
gloucesterva.ne | Gloucester County |
magnoliaisd.loc | Magnolia Independent School District |
zippertubing.co | Zippertubing (Manufacturing) |
milledgeville.l | Milledgeville (City in Georgia) |
digitalreachinc | Digital Reach, Inc. |
deniz.denizbank | DenizBank |
thoughtspot.int | ThoughtSpot (Business intelligence) |
lufkintexas.net | Lufkin (City in Texas) |
digitalsense.co | Digital Sense (Cloud Services) |
wrbaustralia.ad | W. R. Berkley Insurance Australia |
christieclinic. | Christie Clinic Telehealth |
signaturebank.l | Signature Bank |
dufferincounty. | Dufferin County |
mountsinai.hosp | Mount Sinai Hospital |
securview.local | Securview Victory (Video Interface technology) |
weber-kunststof | Weber Kunststoftechniek |
parentpay.local | ParentPay (Cashless Payments) |
europapier.inte | Europapier International AG |
molsoncoors.com | Molson Coors Beverage Company |
fujitsugeneral. | Fujitsu General |
cityofsacramento | City of Sacramento |
ninewellshospita | Ninewells Hospital |
fortsmithlibrary | Fort Smith Public Library |
dokkenengineerin | Dokken Engineering |
vantagedatacente | Vantage Data Centers |
friendshipstateb | Friendship State Bank |
clinicasierravis | Clinica Sierra Vista |
ftsillapachecasi | Apache Casino Hotel |
voceracommunicat | Vocera (clinical communications) |
mutualofomahaban | Mutual of Omaha Bank |
† In this case, the company in question has reached out to me directly and asked that they not be listed. The company had performed a forensic review and believes they are not affected. In the interest of transparency, I can provide more details if contacted directly.
5 replies on “A preliminary look into who was hacked in the Sunburst attack”
[…] to include an encoded version of victim domain names. An analysis conducted by the company revealed roughly 100 potential victims, including many high-profile tech companies, but Prevasio has pointed out that the list it has […]
[…] • Potentially … based on DGA analysis … […]
An analysis conducted by […] revealed roughly 100 potential victims, including many high-profile tech companies, […]
[…] • List of potentially impacted organizations based on DGA analysis […]