Microsoft shares how SolarWinds hackers evaded detection - BleepingComputer

Jan 20, 2021

Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.

This previously unknown information was disclosed by security experts who are part of the Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), and Microsoft Cyber Defense Operations Center (CDOC).

As Microsoft's security experts found, the hackers who orchestrated the SolarWinds attack showcased a range of tactics, operational security, and anti-forensic behavior that drastically decreased the breached organizations' ability to detect their malicious actions.

Some examples of SolarWinds hackers' evasion tactics as discovered and highlighted by Microsoft:

After this stage, the threat actor prepared the custom Cobalt Strike implants and selected targets of interest until early May, when the hands-on attacks most likely started.

"The removal of the backdoor-generation function and the compromised code from SolarWinds binaries in June could indicate that, by this time, the attackers had reached a sufficient number of interesting targets, and their objective shifted from deployment and activation of the backdoor (Stage 1) to being operational on selected victim networks, continuing the attack with hands-on-keyboard activity using the Cobalt Strike implants (Stage 2)," Microsoft adds.

Microsoft uncovered these new details during their ongoing investigation of the SolarWinds supply-chain attack orchestrated by the threat actor tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), SolarStorm (Palo Alto Unit 42), and Dark Halo (Volexity).

Summarized by 365NEWSX ROBOTS
