Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

Credit to Author: Eric Avena | Date: Wed, 20 Jan 2021 17:30:01 +0000

One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?

The post Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop appeared first on Microsoft Security.

Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

Credit to Author: Eric Avena | Date: Thu, 14 Jan 2021 17:00:19 +0000

This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.

Using Microsoft 365 Defender to protect against Solorigate

Credit to Author: Eric Avena | Date: Mon, 28 Dec 2020 17:25:16 +0000

This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment.

Advice for incident responders on recovery from systemic identity compromises

Credit to Author: Jenny Erie | Date: Mon, 21 Dec 2020 22:03:06 +0000

Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART walks you through remediation steps as well as some longer term mitigations.

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

Credit to Author: Eric Avena | Date: Fri, 18 Dec 2020 22:15:14 +0000

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and protections we have built in as a result. While the full extent of…

Collaborative innovation on display in Microsoft’s insider risk management strategy

Credit to Author: Eric Avena | Date: Thu, 17 Dec 2020 22:00:04 +0000

Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit from our breadth of signals.

Sophisticated new Android malware marks the latest evolution of mobile ransomware

Credit to Author: Eric Avena | Date: Thu, 08 Oct 2020 16:00:35 +0000

We found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms.