
New Report on Lessons Learned Observing SUNBURST's Behavior

How did the SUNBURST attack evade defenses and what must we do going forward? Those are the central questions explored in ExtraHop's latest security report.

SUNBURST used the supply chain to bypass perimeter defenses and gain access. Once inside, it used incredible stealth and sophistication to go unnoticed. But it still left subtle traces on the network, because any attack must cross the network to accomplish its goals.


ExtraHop is uniquely positioned to provide insight into SUNBURST. Using network data to detect, understand, and stop attacks is our area of expertise. Further, ExtraHop Reveal(x) 360 is the only security platform that can both see what's happening now on the network and look back at detailed records of activity going back months.

This report shares new data uncovered by ExtraHop about SUNBURST's behavior over time. It shares real-world examples of the attack behavior uncovered by our customers' security teams (who have been anonymized in the report) during their investigations of SUNBURST.

