
Microsoft shares how SolarWinds hackers evaded detection
2021-01-20 15:54

Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.

This previously unknown information was disclosed by security experts who are part of the Microsoft 365 Defender Research Team, the Microsoft Threat Intelligence Center, and the Microsoft Cyber Defense Operations Center.

As Microsoft's security experts found, the hackers who orchestrated the SolarWinds attack showcased a range of tactics, operational security measures, and anti-forensic behavior that drastically decreased the breached organizations' ability to detect their malicious actions.

"During our in-depth analysis of the attacker's tactics, techniques, and procedures seen through the lens of Microsoft 365 Defender's rich telemetry, we observed a few techniques that are worth disclosing to help other defenders better respond to this incident and use hunting tools like Microsoft 365 Defender advanced hunting or Azure Sentinel queries to search for potential traces of past activity."

"The removal of the backdoor-generation function and the compromised code from SolarWinds binaries in June could indicate that, by this time, the attackers had reached a sufficient number of interesting targets, and their objective shifted from deployment and activation of the backdoor to being operational on selected victim networks, continuing the attack with hands-on-keyboard activity using the Cobalt Strike implants," Microsoft adds.

Microsoft uncovered these new details during their ongoing investigation of the SolarWinds supply-chain attack orchestrated by the threat actor tracked as StellarParticle, UNC2452, SolarStorm, and Dark Halo.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-shares-how-solarwinds-hackers-evaded-detection/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 700 776 4531 4644 3617 13568
Solarwinds 56 33 101 81 50 265