
Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers
2021-01-21 15:25

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security.

In its latest report on the SolarWinds attack, which it tracks as Solorigate, Microsoft explains how the attackers got from the Sunburst malware to the Cobalt Strike loaders, and how they kept the components separated as much as possible to avoid being detected.

"What we found from our hunting exercise across Microsoft 365 Defender data further confirms the high level of skill of the attackers and the painstaking planning of every detail to avoid discovery," Microsoft said.

While many of the tactics, techniques, and procedures leveraged by the attackers are already documented in the MITRE ATT&CK framework, Microsoft says it's working with MITRE to ensure that the new techniques observed in these attacks will also be added to the framework.

FireEye this week released a white paper detailing the TTPs used by the SolarWinds hackers to target Microsoft 365 environments.

Cybersecurity firm Malwarebytes this week revealed that it too was targeted by the SolarWinds hackers - not through SolarWinds software, but by abusing applications with privileged access to Microsoft 365 and Azure environments.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/inp2IvLpfKc/microsoft-details-opsec-anti-forensic-techniques-used-solarwinds-hackers

Related vendor (vulnerability counts; the "#/Products" column was empty on the page for both rows)

Vendor       Last 12M   #/Products   Low   Medium   High   Critical   Total vulns
Microsoft    480        -            75    2308     5127   264        7774
SolarWinds   45         -            1     84       103    43         231