A preliminary look into who was hacked in the Sunburst attack

At Prevasio, we have started to narrow down who was potentially affected by the SolarWinds hack: Sunburst used a DGA (Domain Generation Algorithm), which gives us a glimpse into who may have been infected.

The list (with disclaimers) follows:

| Decoded Domain | Mapping (Could Be Inaccurate) |
| --- | --- |
| hgvc.com | Hilton Grand Vacations |
| Amerisaf | AMERISAFE, Inc. |
| kcpl.com | Kansas City Power and Light Company |
| SFBALLET | San Francisco Ballet |
| scif.com | State Compensation Insurance Fund |
| LOGOSTEC | Logostec Ventilação Industrial |
| bmrn.com | BioMarin Pharmaceutical Inc. |
| AHCCCS.S | Arizona Health Care Cost Containment System |
| nnge.org | Next Generation Global Education |
| cree.com | Cree, Inc (semiconductor products) |
| calsb.org | The State Bar of California Public Schools |
| cisco.com | Cisco Systems |
| pcsco.com | Professional Computer Systems |
| barrie.ca | City of Barrie |
| ripta.com | Rhode Island Public Transit Authority |
| uncity.dk | UN City (Building in Denmark) |
| bisco.int | Boambee Industrial Supplies (Bisco) |
| haifa.edu | University of Haifa |
| smsnet.pl | SMSNET, Poland |
| fcmat.org | Fiscal Crisis and Management Assistance Team |
| wiley.com | Wiley (publishing) |
| ciena.com | Ciena (networking systems) |
| belkin.com | Belkin Public Schools |
| pqcorp.com | PQ Corporation |
| ftfcu.corp | First Tech Federal Credit Union Bank of Punjab |
| insead.org | INSEAD (non-profit, private university) |
| usd373.org | Newton Public Schools |
| agloan.ads | American AgCredit |
| pageaz.gov | City of Page |
| jarvis.lab | Erich Jarvis Lab |
| ch2news.tv | Channel 2 (Israeli TV channel) |
| bgeltd.com | Bradford / Hammacher Remote Support Software Department of State Hospitals |
| dotcomm.org | Douglas Omaha Technology Commission |
| sc.pima.gov | Arizona Superior Court in Pima County Prevention Society (IPS) |
| moncton.loc | City of Moncton |
| acmedctr.ad | Alameda Health System |
| csci-va.com | Computer Systems Center Incorporated |
| Redacted | (law firm – redacted) |
| keyano.local | Keyano College |
| uis.kent.edu | Kent State University |
| alm.brand.dk | Sydbank Group (Banking, Denmark) |
| ironform.com | Ironform (metal fabrication) |
| corp.ncr.com | NCR Corporation |
| ap.serco.com | Serco Asia Pacific |
| mmhs-fla.org | Cleveland Clinic Martin Health |
| nswhealth.net | NSW Health |
| mixonhill.com | Mixon Hill (intelligent transportation systems) de Formosa, City in California |
| siskiyous.edu | College of the Siskiyous |
| weioffice.com | Walton Family Foundation |
| ecobank.group | Ecobank Group (Africa) |
| corp.sana.com | Sana Biotechnology |
| med.ds.osd.mi | US Gov Information System |
| wz.hasbro.com | Hasbro (Toy company) |
| its.iastate.ed | Iowa State University |
| cds.capilanou. | Capilano University |
| e-idsolutions. | IDSolutions (video conferencing) |
| helixwater.org | Helix Water District |
| detmir-group.r | Detsky Mir (Russian children’s retailer) |
| int.lukoil-int | LUKOIL (Oil and gas company, Russia) |
| ad.azarthritis | Arizona Arthritis and Rheumatology Associates |
| net.vestfor.dk | Vestforbrænding (Cloud based services, Israel) |
| central.pima.g | Pima County Government |
| city.kingston. | Kingston City, Australia |
| staff.technion | Technion – Israel Institute of Technology |
| airquality.org | Sacramento Metropolitan Air Quality Management District |
| phabahamas.org | Public Hospitals Authority, Caribbean |
| parametrix.com | Parametrix (Engineering) |
| ad.checkpoint. | Check Point |
| corp.riotinto. | Rio Tinto (Mining company, Australia) |
| us.rwbaird.com | Robert W. Baird & Co. (Financial services) |
| ville.terrebonn | Ville de Terrebonne |
| woodruff-sawyer | Woodruff-Sawyer & Co., Inc. |
| fisherbartoninc | Fisher Barton Group |
| banccentral.com | BancCentral Financial Services Corp. |
| taylorfarms.com | Taylor Fresh Foods |
| neophotonics.co | NeoPhotonics (optoelectronic devices) |
| gloucesterva.ne | Gloucester County |
| magnoliaisd.loc | Magnolia Independent School District |
| zippertubing.co | Zippertubing (Manufacturing) |
| milledgeville.l | Milledgeville (City in Georgia) |
| digitalreachinc | Digital Reach, Inc. |
| thoughtspot.int | ThoughtSpot (Business intelligence) |
| lufkintexas.net | Lufkin (City in Texas) |
| digitalsense.co | Digital Sense (Cloud Services) |
| wrbaustralia.ad | W. R. Berkley Insurance Australia |
| christieclinic. | Christie Clinic Telehealth |
| signaturebank.l | Signature Bank |
| dufferincounty. | Dufferin County |
| mountsinai.hosp | Mount Sinai Hospital |
| securview.local | Securview Victory (Video Interface technology) |
| weber-kunststof | Weber Kunststoftechniek |
| parentpay.local | ParentPay (Cashless Payments) |
| europapier.inte | Europapier International AG |
| molsoncoors.com | Molson Coors Beverage Company |
| fujitsugeneral. | Fujitsu General |
| cityofsacramento | City of Sacramento |
| ninewellshospita | Ninewells Hospital |
| fortsmithlibrary | Fort Smith Public Library |
| dokkenengineerin | Dokken Engineering |
| vantagedatacente | Vantage Data Centers |
| friendshipstateb | Friendship State Bank |
| clinicasierravis | Clinica Sierra Vista |
| ftsillapachecasi | Apache Casino Hotel |
| voceracommunicat | Vocera (clinical communications) |
| mutualofomahaban | Mutual of Omaha Bank |

† In this case, the company in question has reached out to me directly and asked that they not be listed. The company had performed a forensic review and believes they are not affected. In the interest of transparency, I can provide more details if contacted directly.
