Security News > 2021 > January > FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion

FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion
2021-01-19 20:42

Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling.

In an update and white paper [PDF] released on Tuesday, FireEye warned that the hackers - which intelligence services and computer security outfits have concluded were state-sponsored Russians - had specifically targeted two groups of people: those with access to high-level information, and sysadmins.

The paper gives a detailed rundown for how to search logs and what to look for to see if an account has been compromised, complete with step-by-step instructions for how to cut access and provide additional protection in future.

As for mitigation measures, FireEye suggests broadly: a review of all sysadmin accounts in particular to see if there are any "That have been configured or added to a specific service principal" and remove them, and then search for suspicious application credentials and remove them too.

The biz has also released a free tool on GitHub it's calling the Azure AD Investigator that will warn organizations if there are signs their networks were compromised via SolarWinds' backdoored Orion software: there were an estimated 18,000 organizations potentially infected, SolarWinds warned last month; many of them government departments and Fortune 500 companies.

Since FireEye disclosed the hack a month ago, numerous US government orgs including the Commerce Department, Treasury and Justice have discovered they were compromised thanks to a tampered update of the SolarWinds network monitoring software.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/19/fireeye_solarwinds_code/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 103 81 51 268
Fireeye 8 0 8 2 0 10