Solorigate Archives - ThreatsHub Cybersecurity News

Microsoft open sources CodeQL queries used to hunt for Solorigate activity

February 25, 2021 TH Author CodeQL, Cybersecurity, incident response, Microsoft security intelligence, Security Intelligence, Solorigate

We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.
The post Microsoft open sources CodeQL queries used to hunt for Solorigate activity appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

January 20, 2021 TH Author Cybersecurity, Microsoft security intelligence, Raindrop, Solorigate, Sunburst, TEARDROP

One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?
The post Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

January 14, 2021 TH Author Azure Defender, Cybersecurity, Microsoft 365 Defender, Microsoft security intelligence, sec admins, Solorigate, Sunburst

This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.
The post Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Using Microsoft 365 Defender to protect against Solorigate

December 28, 2020 TH Author Cybersecurity, Microsoft 365 Defender, Microsoft security intelligence, Solorigate

This blog is a comprehensive guide for security operations and incident response teams using Microsoft 365 Defender to identify, investigate, and respond to the Solorigate attack if it’s found in your environment.
The post Using Microsoft 365 Defender to protect against Solorigate appeared first on Microsoft Security. READ MORE HERE…

Microsoft Secure

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers

December 18, 2020 TH Author Cybersecurity, Microsoft security intelligence, Solorigate, supply chain attacks

We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and protections we have built in as a result. While the full extent of…
The post Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers appeared first on Microsoft Security. READ MORE HERE…