{"id":39202,"date":"2021-01-19T20:42:01","date_gmt":"2021-01-19T20:42:01","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/"},"modified":"2021-01-19T20:42:01","modified_gmt":"2021-01-19T20:42:01","slug":"fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/","title":{"rendered":"FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion"},"content":{"rendered":"<p>Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling.<\/p>\n<p>In an <a target=\"_blank\" href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/01\/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html\" rel=\"noopener noreferrer\">update<\/a> and <a target=\"_blank\" href=\"https:\/\/www.fireeye.com\/content\/dam\/collateral\/en\/wp-m-unc2452.pdf\" rel=\"noopener noreferrer\">white paper<\/a> [PDF] released on Tuesday, FireEye warned that <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/12\/14\/solarwinds_fireeye_cozybear_us_government\/\" rel=\"noopener noreferrer\">the hackers<\/a> \u2013 which intelligence services and computer security outfits have <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/12\/20\/solarwinds_update_trump_contradicts_pompeo_russia_attribution\/\" rel=\"noopener noreferrer\">concluded<\/a> were state-sponsored Russians \u2013 had specifically targeted two groups of people: those with access to high-level information, and sysadmins.<\/p>\n<p>But the targeting of those accounts will be difficult to detect, FireEye warned, because of the way they did it: forging the digital certificates and tokens used for authentication to look around networks without drawing much or any attention.<\/p>\n<p>\u201cDetection of forged SAML tokens actively being used against an organization has proven to be difficult,\u201d the white paper notes. 
\u201cOne possibility is to compare entries in the Azure AD Sign-Ins log against the security event logs of the on-premises AD FS servers to ensure that all authentications originated from AD FS.\u201d<\/p>\n<p>It notes however that \u201ctechnically, every sign-in recorded in Azure AD will have a corresponding event in the on-premises security event logs. However, in real-world environments, this exercise is impractical for most organizations.\u201d<\/p>\n<h3 class=\"crosshead\"> <span>Rundown<\/span><br \/>\n<\/h3>\n<p>Fortunately, the paper gives a detailed rundown for how to search logs and what to look for to see if an account has been compromised, complete with step-by-step instructions for how to cut access and provide additional protection in future.<\/p>\n<p>\u201cWhen a credential that has been added to an application is used to login to Microsoft 365, it is recorded differently than an interactive user sign-in,\u201d the paper notes. 
\u201cIn the Azure Portal these logins can be viewed by navigating to Sign-Ins under the Azure Active Directory blade and then clicking the service principal Sign-ins tab\u2026 Note that currently these sign-ins are not recorded in the Unified Audit Log.\u201d<\/p>\n<p>As for mitigation measures, FireEye suggests broadly: a review of all sysadmin accounts in particular to see if there are any \u201cthat have been configured or added to a specific service principal\u201d and remove them, and then search for suspicious application credentials and remove them too.<\/p>\n<h3 class=\"crosshead\"> <span>Search and destroy<\/span><br \/>\n<\/h3>\n<p>The biz has also released a <a target=\"_blank\" href=\"https:\/\/github.com\/fireeye\/Mandiant-Azure-AD-Investigator\" rel=\"noopener noreferrer\">free tool<\/a> on GitHub it\u2019s calling the Azure AD Investigator that will warn organizations if there are signs their networks were compromised via SolarWinds&#8217; backdoored Orion software: there were an estimated 18,000 organizations potentially infected, SolarWinds <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/12\/15\/solar_winds_update\/\" rel=\"noopener noreferrer\">warned<\/a> last month; many of them government departments and Fortune 500 companies.<\/p>\n<p>FireEye also warned that it looks as though the hackers prioritized government officials and software companies; the latter because they could provide future 
routes of attack into other networks.<\/p>\n<h3 class=\"crosshead\"> <span>Primary colors<\/span><br \/>\n<\/h3>\n<p>The report outlined the four \u201cprimary techniques\u201d used by the hackers:<\/p>\n<ol>\n<li>Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users. This bypassed various authentication requirements.<\/li>\n<li>Modify or add trusted domains in Azure AD to add a new federated Identity Provider (IdP) that the attacker controls. This essentially created a backdoor on the network.<\/li>\n<li>Compromise the credentials of on-premises user accounts that are synchronized to Microsoft 365 that have high privileged directory roles, such as Global Administrator or Application Administrator. This is the targeting of sysadmins.<\/li>\n<li>Backdoor an existing Microsoft 365 application by adding a new application or service principal credential in order to use the legitimate permissions assigned to the application, such as the ability to read email, send email as an arbitrary user, access user calendars, etc.<\/li>\n<\/ol>\n<p>Since FireEye <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/12\/09\/fireeye_tools_hacked\/\" rel=\"noopener noreferrer\">disclosed<\/a> the hack a month ago, numerous US government orgs including the Commerce Department, Treasury and Justice have discovered they were compromised thanks to a tampered update of the SolarWinds network monitoring software. 
Microsoft later <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/msrc-blog.microsoft.com\/2020\/12\/31\/microsoft-internal-solorigate-investigation-update\/\">admitted<\/a> that its source code had been rifled through.<\/p>\n<p>The attackers were in the systems, undetected, for anywhere up to six months, giving them lots of time to <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/01\/08\/solarwinds_court_docs\/\" rel=\"noopener noreferrer\">snoop around<\/a> as well as install hidden holes for future access. The hack is so severe that it formed a significant part of the confirmation hearing for new national intelligence director nominee Avril Haines in Washington DC on Tuesday.<\/p>\n<p>Haines said she had yet to be fully briefed on the hack but did note that the Department of Homeland Security has decided it represented \u201ca grave risk\u201d to government systems and that it was \u201cextraordinary in its nature and its scope.\u201d \u00ae<\/p>\n<p> READ MORE <a 
href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/01\/19\/fireeye_solarwinds_code\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Instructions for spotting and keeping suspected Russians out of systems Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-39202","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head_json":{"title":"FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/","og_locale":"en_US","og_type":"article","og_title":"FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-01-19T20:42:01+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x250&amp;tile=2&amp;c=2YAd5yGCK8IVBmyiCTo7HGwAAAFM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of 
intrusion","datePublished":"2021-01-19T20:42:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/"},"wordCount":745,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x250&amp;tile=2&amp;c=2YAd5yGCK8IVBmyiCTo7HGwAAAFM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/","url":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/","name":"FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x250&amp;tile=2&amp;c=2YAd5yGCK8IVBmyiCTo7HGwAAAFM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-01-19T20:42:01+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x250&amp;tile=2&amp;c=2YAd5yGCK8IVBmyiCTo7HGwAAAFM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x250&amp;tile=2&amp;c=2YAd5yGCK8IVBmyiCTo7HGwAAAFM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/
\/www.threatshub.org\/blog\/fireeye-publishes-details-of-solarwinds-hacking-techniques-gives-out-free-tool-to-detect-signs-of-intrusion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39202"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39202\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}