Microsoft shares how SolarWinds hackers evaded detection.
Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.
This previously unknown information was disclosed by security experts from the Microsoft 365 Defender Research Team, the Microsoft Threat Intelligence Center (MSTIC), and the Microsoft Cyber Defense Operations Center (CDOC).
As Microsoft's security experts found, the hackers who orchestrated the SolarWinds attack showcased a range of tactics, operational security measures, and anti-forensic behavior that drastically decreased the breached organizations' ability to detect their malicious actions.
Some examples of SolarWinds hackers' evasion tactics as discovered and highlighted by Microsoft:
After this stage, the threat actor prepared the custom Cobalt Strike implants and selected targets of interest until early May, when the hands-on attacks most likely started.
"The removal of the backdoor-generation function and the compromised code from SolarWinds binaries in June could indicate that, by this time, the attackers had reached a sufficient number of interesting targets, and their objective shifted from deployment and activation of the backdoor (Stage 1) to being operational on selected victim networks, continuing the attack with hands-on-keyboard activity using the Cobalt Strike implants (Stage 2)," Microsoft adds.
Microsoft uncovered these new details during its ongoing investigation of the SolarWinds supply-chain attack orchestrated by the threat actor tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), SolarStorm (Palo Alto Unit 42), and Dark Halo (Volexity).