Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
2020-12-16 18:37

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "Killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

FireEye said hacked networks were seen communicating with a malicious domain name - avsvmcloud[.

Asked about the changeover, Microsoft referred questions to FireEye and to GoDaddy, the current domain name registrar for the malicious site.

Today, FireEye responded that the domain seizure was part of a collaborative effort to prevent networks that may have been affected by the compromised SolarWinds software update from communicating with the attackers.

The killswitch revelations came as security researchers said they'd made progress in decoding SUNBURST's obfuscated communications methods.


News URL

https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 101 81 50 265