
Microsoft has released a free tool for removing Solorigate from infected networks
Microsoft is offering organizations the CodeQL queries it used to analyze its own source code after the SolarWinds attack.

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security
Our continued investigation into the Solorigate attack has uncovered new details about the handover from the Solorigate DLL backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others).
Microsoft: SolarWinds hackers' goal was the victims' cloud data
Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks.
https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/?&web_view=true

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims
Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.
Threatpost - English - Global - threatpost.com
Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.
Threatpost - English - Global - threatpost.com
The SolarWinds Perfect Storm: Default Password, Access Sales and More
Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack.
Threatpost - English - Global - threatpost.com
The breaches of the U.S. Treasury and FireEye were the result of a supply chain attack
Government-backed hackers planted malware in updates for the SolarWinds Orion platform.