Responding to the SolarWinds Breach: Detect, Prevent, and Remediate the Dark Halo Supply Chain Attack
ID: 014a07ab-f5ce-5bf7-971c-4d2aef9f83f0
STIX ID: report--014a07ab-f5ce-5bf7-971c-4d2aef9f83f0
Feed Name: Volexity Blog
This Volexity guide outlines how to determine whether an organization was affected by the SolarWinds Orion supply-chain compromise attributed to the Dark Halo APT, identifying affected Orion versions and DNS CNAME activity to avsvmcloud.com as primary indicators. It provides detection, prevention, and remediation recommendations, including IOC hunting, network/DNS log review, rebuilding impacted servers, and resetting credentials and API keys.
