Threat Intelligence Investigation Into Domain Infrastructure Points To A Very Sophisticated Threat Actor
VICTORIA, British Columbia - December 18, 2020 — HYAS Infosec, a leader in threat intelligence, adversary infrastructure, and attribution, located details surrounding infrastructure used during the SolarWinds compromise and the threat actor behind it. HYAS was privately invited to analyze data relating to the initial command and control infrastructure used during the compromise of network monitoring software vendor SolarWinds. The details behind the attacker infrastructure illuminate how a sophisticated threat actor appears to have used a variety of advanced techniques to hide the origin of the command and control domain used during the SolarWinds compromise. HYAS has already shared this data with the FBI.
“The adversary behind this attack demonstrated considerable skill in hiding their tracks. Their operational security is in a different league compared to your average cybercriminal,” commented HYAS founder Chris Davis. “The adversary behind the SolarWinds attack showed an uncommon level of operational security in purchasing and creating the domain as well as employing a two-week incubation period from infection to beacon.”
“HYAS is a unique company, with unique assets and uncommon visibility into adversary infrastructure. We’re proud that we could contribute key intelligence about this compromise and the actor behind it, and hope that it not only furthers the industry’s understanding of the compromise but helps avoid future incidents,” said David Ratner, CEO of HYAS. “We’re continuing to uncover additional details and will keep the industry informed.”
The information shared with the FBI was gathered through the efforts of HYAS Intelligence Services and informed by HYAS Insight. To learn more about the HYAS cybersecurity solution portfolio, please contact us.
HYAS, a First Nations word meaning “great and powerful,” is the world’s leading authority on pre-zero-day cybersecurity risk. HYAS provides the industry’s first security solution that integrates into existing security frameworks and enables enterprises to detect and mitigate cyber risks before attacks happen and identify the adversaries behind them. Threat and fraud response teams use HYAS to hunt, find, and identify adversaries, often down to their physical doorsteps. With HYAS, enterprises are able to adopt a more proactive and adaptive security posture and protect against both known and not-yet-launched attacks, identifying the adversaries targeting their organizations and the infrastructure used to launch their attacks. For more information about HYAS, visit https://www.hyas.com.