SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers
Date    Saturday January 23 2021, @10:43PM
Author    Fnord666
https://soylentnews.org/article.pl?sid=21/01/23/0031226

upstart writes in with an IRC submission for SoyCow639:

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers:

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC).

The attackers, who some believe to be sponsored by Russia, breached SolarWinds' systems in 2019 and used a piece of malware named Sundrop to insert a backdoor tracked as Sunburst into the company's Orion product. Sunburst was delivered to thousands of organizations, but only a few hundred victims of interest to the attackers received several other pieces of malware, and many of their systems were compromised using hands-on-keyboard techniques.

In the case of these victims, the hackers used loaders named Teardrop and Raindrop to deliver Cobalt Strike payloads.

In its latest report on the SolarWinds attack, which it tracks as Solorigate, Microsoft explains how the attackers got from the Sunburst malware to the Cobalt Strike loaders, and how they kept the components separated as much as possible to avoid being detected.

"What we found from our hunting exercise across Microsoft 365 Defender data further confirms the high level of skill of the attackers and the painstaking planning of every detail to avoid discovery," Microsoft said.

[...] While many of the tactics, techniques, and procedures (TTPs) leveraged by the attackers are already documented in the MITRE ATT&CK framework, Microsoft says it's working with MITRE to ensure that the new techniques observed in these attacks will also be added to the framework.

Original Submission

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers" - https://www.securityweek.com/microsoft-details-opsec-anti-forensic-techniques-used-solarwinds-hackers
  3. "breached SolarWinds' systems" - https://www.securityweek.com/continuous-updates-everything-you-need-know-about-solarwinds-attack
  4. "report on the SolarWinds attack" - https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
  5. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=46952

© Copyright 2024 - SoylentNews, All Rights Reserved