The Cybersecurity and Infrastructure Security Agency (CISA) has released Hunt and Incident Response Program (CHIRP) tool.
CHIRP is a Python-based tool, that allows detecting malicious activity associated with the SolarWinds hackers in compromised on-premises enterprise Windows environments.
CISA Alerts
- AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, which primarily focuses on an advanced persistent threat (APT) actor’s compromise of SolarWinds Orion products affecting U.S. government agencies, critical infrastructure entities, and private network organizations.
- AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments, which addresses APT activity within Microsoft 365/Azure environments and offers an overview of—and guidance on—available open-source tools. The Alert includes the CISA-developed Sparrow tool that helps network defenders detect possible compromised accounts…