Learning Center

How can I
learn more?

Detect and Mitigate Against Sunburst TTPs

Hear how CrowdStrike detects and mitigates key Sunburst TTPs.

Register Now

How to Maximize ROI with Frictionless Zero Trust

Learn how Zero Trust can reduce risk and reduce cost.

Register Now

Am I

CrowdStrike Customers

(may require login)

Leverage the12 month Look-back: Use the Indicator Graph to search for IOCs across the 12 months of data that Falcon stores.

Quick bulk hash search: rapidly search for key hashes to find IOC’s quickly.

See all IOCs and detections in one place: the SUNBURST Dashboard.

Review the CrowdStrike Intelligence reports to up level threat intelligence knowledge.

Get IOCs from web pages: CrowdScrape Browser Extension. See a demo.

Community Members

CRT Tool: Assess current configuration and permission settings in your MS Azure infrastructure.

Sunburst IOCs and Yara rules from the CrowdStrike security research team.

Also see FireEye’s published IOCs.


CrowdStrike Customers

(may require login)

Review Falcon prevention settings including sensor tampering protection and ML detection options.

Learn about a targeted remediation routine to automatically take action on weaponized DLLs.

Use remote vulnerability patching. Learn how to deploy key patches (like the recommended VMware patch) even if admins are remote.

See all IOCs and detections in one place: the SUNBURST Dashboard.

Community Members

CRT Tool. This tool enables users to check hard-to-find configurations and permission settings in Azure (a vector used in the attack).

CISA Guidance. NSA and CISA issued guidance on detection and mitigation of the attack.

VMware Patch. This enables patching a key vulnerability in VMware software (a vector used in the attack).

Quickstart Guide. It includes the top eight best practices for securing cloud-native applications.

AD Hardening Guide. This guides details key steps to harden Active Directory.

Secure Against Future Attacks?

The tactics and techniques used in SUNBURST have been used in other attacks, such as the Maze ransomware and previous supply chain attacks like the OPM breach. This means that future attacks that may differ from SUNBURST will use the same key elements, and organizations can still protect themselves proactively. The core tenets of cybersecurity remain true: Understand what assets are under your control and which ones are protected, establish control and baselines of security, and implement the continuous cycle of monitoring, assessing risk and implementing improvements.

The CrowdStrike Falcon® platform stops incidents like SUNBURST from becoming breaches, and solves critical cybersecurity use-cases through the range of flexible product modules and partner integrations, as well as managed services and incident response services to address your organization’s specific IT environment and security requirements.

Expert Assessment

CrowdStrike’s strategic advisory services and technical advisory services will help you answer:

  • Am I Breached?

    Understand and validate if your organization is currently breached or has been breached at some point in the past.

  • Am I Mature?

    The CrowdStrike® Services team of incident responders and cybersecurity experts is ready to help your organization understand its security maturity.

  • Am I Ready?

    The CrowdStrike® Services team of incident responders and cybersecurity experts will help assess if you are ready for the next attack or assessment.

Request Info
  • Endpoint

    Detect stealthy evasion techniques and tampering attempts to enable instant action from one-click-containment and auto-remediation to rapid patching and investigation with CrowdStrike data for the past 12 months.

    Learn More
  • Zero Trust

    Falcon Zero TrustTM enables frictionless security with real-time threat prevention and IT policy enforcement using identity, behavioral and risk analytics to stop identity-based attacks like lateral movement.

    Request Demo
  • Threat Intelligence

    Expose sophisticated threats faster with groundbreaking research. CrowdStrike Falcon® Intelligence Premium helps you understand and detect attacker TTPs.

    Learn More
  • Cloud

    Falcon Horizon provides visibility across your Azure infrastructure, combined with continuous monitoring for misconfigurations, and proactive threat detection — enabling DevOps teams to stay secure while building in the cloud.

    Read Guide