Microsoft shares how SolarWinds hackers evaded detection - BleepingComputer
Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.

This previously unknown information was disclosed by security experts who are part of the Microsoft 365 Defender Research Team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft Cyber Defense Operations Center (CDOC).

As Microsoft's security experts found, the hackers who orchestrated the SolarWinds attack showcased a range of tactics, operational security, and anti-forensic behavior that drastically decreased the breached organizations' ability to detect their malicious actions.

Some examples of SolarWinds hackers' evasion tactics as discovered and highlighted by Microsoft:

After this stage, the threat actor prepared the custom Cobalt Strike implants and selected targets of interest until early May, when the hands-on attacks most likely started.

"The removal of the backdoor-generation function and the compromised code from SolarWinds binaries in June could indicate that, by this time, the attackers had reached a sufficient number of interesting targets, and their objective shifted from deployment and activation of the backdoor (Stage 1) to being operational on selected victim networks, continuing the attack with hands-on-keyboard activity using the Cobalt Strike implants (Stage 2)," Microsoft adds.

Microsoft uncovered these new details during its ongoing investigation of the SolarWinds supply-chain attack orchestrated by the threat actor tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), SolarStorm (Palo Alto Unit 42), and Dark Halo (Volexity).