
CHIRP: CISA Released a Tool Named CHIRP to Track SolarWinds Attacks

rivitmedia_admin
Last updated: October 19, 2023 6:33 pm

In March of 2021, the USA’s Cybersecurity and Infrastructure Security Agency, or CISA, released a tool called the CISA Hunt and Incident Response Program, or CHIRP. CHIRP is a Python-based forensics collection tool created to detect malicious activity associated with the widely reported and devastating SolarWinds hacking attacks on enterprise Windows environments.


In their announcement, CISA described CHIRP as a free utility that can detect signs of APT compromise within an on-premises environment. The tool looks for IOCs (indicators of compromise) associated with malicious activity related to the SolarWinds attacks against organizations, including government agencies, critical infrastructures, and private companies.

CHIRP was built to search for compromises related to SolarWinds Orion software, the network monitoring software that cybercriminals penetrated to distribute the Sunburst and SUNSPOT trojans.

CISA had earlier released another detection tool called Sparrow. Sparrow is a PowerShell-based tool developed to scan for compromises in the Microsoft environment. While there are similarities between CHIRP and Sparrow, CHIRP is seen as a complement to Sparrow that scans on-premises systems for similar activity.

What Does CHIRP Do?

The CHIRP tool operates as a command-line executable with the ability to scan for anomalies within on-premises environments. It examines Windows event logs for any artifacts connected to AA20-352A and AA21-008A alerts and searches the Windows Registry for signs of compromise. The first alert relates to the compromise of SolarWinds Orion products affecting U.S. government agencies, infrastructure entities, or private network organizations. The second alert relates to the compromise of Microsoft 365/Azure environments.

CHIRP also allows admins to search Windows network artifacts and apply YARA rules to detect any possible malware, backdoors, or implants. YARA is another tool used for malware research and detection.
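As an added illustration (not CHIRP's source code or CISA's indicator format), the Python below applies a set of indicators to event-log and registry records, the kind of scanning this section describes. The indicator names, patterns and sample records are constructed placeholders, not values from AA20-352A or AA21-008A.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Indicator:
    name: str     # hypothetical label, not a CISA indicator name
    source: str   # artifact type to search: "events" or "registry"
    field: str    # record field the pattern is applied to
    pattern: str  # regular expression (constructed placeholder)


# Constructed indicators for illustration only.
INDICATORS = [
    Indicator("example-service-install", "events", "message",
              r"(?i)service was installed.*EXAMPLE-IMPLANT"),
    Indicator("example-run-key-dll", "registry", "value",
              r"(?i)\\ProgramData\\example-implant\.dll"),
]

# Constructed artifacts standing in for exported event-log and registry data.
EVENTS = [
    {"event_id": 7045, "channel": "System",
     "message": "A service was installed in the system. Service Name: EXAMPLE-IMPLANT"},
    {"event_id": 4624, "channel": "Security",
     "message": "An account was successfully logged on."},
]
REGISTRY = [
    {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "name": "Updater",
     "value": r"rundll32 C:\ProgramData\example-implant.dll,Start"},
    {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "name": "Backup",
     "value": r"C:\Program Files\Example\backup.exe"},
]


def scan(indicators, artifacts):
    """Return {indicator name: [matching records]} for every indicator that hit.

    Records missing the indicator's field, and indicators whose source has no
    collected artifacts, are skipped rather than raising.
    """
    hits = {}
    for ind in indicators:
        rx = re.compile(ind.pattern)
        for record in artifacts.get(ind.source, []):
            if rx.search(str(record.get(ind.field, ""))):
                hits.setdefault(ind.name, []).append(record)
    return hits
```
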

Since CHIRP is a license-free tool, skilled developers can borrow the source code and make further improvements. 

What Does CHIRP Detect? 

According to the Cybersecurity & Infrastructure Security Agency, CHIRP can be used to detect: 

  • The presence of malware identified by security researchers as TEARDROP and RAINDROP;
  • Credential dumping certificate pulls;
  • Certain persistence mechanisms identified as associated with this campaign;
  • System, network, and M365 enumeration; and
  • Known observable indicators of lateral movement.

With that kind of detection capability, the CHIRP tool is a utility that all entities using SolarWinds Orion software will need.
