Microsoft, FireEye, and GoDaddy to collaborate to create kill switch for SolarWinds SUNBURST backdoor
A recent FireEye report has revealed that Russian state-sponsored hackers breached SolarWinds and added malicious code to a Windows DLL file used by its Orion IT monitoring platform. According to the report, the SUNBURST backdoor connected to its command and control (C2) server at a subdomain of avsvmcloud[.]com to receive the commands to execute. The malware would terminate if the resolved IP address fell within a certain range. Yesterday the avsvmcloud[.]com domain was seized by Microsoft in order to create a kill switch for the backdoor.
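The defender's side of the same mechanism, as an added example that is not from the FireEye report or this article: a small Python hunt over DNS resolver log lines that flags any query for avsvmcloud[.]com or one of its subdomains, and marks whether the answer returned sits inside a range that makes the backdoor exit. The log line format, the sample lines and the networks in KILL_RANGES are constructed assumptions for the example; the article does not list the real kill-switch ranges, so placeholder networks stand in for them.

```python
import ipaddress
import re

# Domain named in the report: SUNBURST beaconed to subdomains of it.
C2_DOMAIN = "avsvmcloud.com"

# Constructed placeholders, NOT the real kill-switch ranges (the article
# does not list them): private space plus TEST-NET-2 as a made-up sinkhole.
KILL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8",
    "192.168.0.0/16",
    "198.51.100.0/24",
)]

# Assumed resolver log layout: "<ts> client <src> query <qname> answer <ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<src>\S+) query (?P<qname>\S+) answer (?P<answer>\S+)$"
)

# Constructed sample log; the avsvmcloud labels are invented, not real IoCs.
SAMPLE_LOG = [
    "2020-12-15T10:00:01Z client 10.1.2.3 query label-one.avsvmcloud.com. answer 203.0.113.7",
    "2020-12-15T10:00:05Z client 10.1.2.3 query www.example.com answer 93.184.216.34",
    "2020-12-15T10:00:09Z client 10.1.2.7 query notavsvmcloud.com answer 203.0.113.9",
    "2020-12-16T09:30:00Z client 10.1.2.9 query label-two.avsvmcloud.com answer 198.51.100.10",
]


def is_c2_lookup(qname):
    """True for the C2 domain itself or any subdomain of it (label-aware,
    so 'notavsvmcloud.com' does not match)."""
    q = qname.rstrip(".").lower()
    return q == C2_DOMAIN or q.endswith("." + C2_DOMAIN)


def in_kill_range(answer):
    """True if the resolved address lies in one of the kill-switch networks."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return False  # non-IP answer (e.g. NXDOMAIN token): not in range
    return any(ip in net for net in KILL_RANGES)


def hunt(lines):
    """Return one record per C2 lookup found in the log, tagged 'neutralised'
    when the answer falls in a kill range and 'live-c2' otherwise."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not is_c2_lookup(m["qname"]):
            continue
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "qname": m["qname"].rstrip("."),
            "answer": m["answer"],
            "status": "neutralised" if in_kill_range(m["answer"]) else "live-c2",
        })
    return hits


def affected_hosts(lines):
    """Source addresses that ever looked up the C2 domain; each one is a host
    that should be treated as running the backdoored Orion build regardless
    of whether the kill switch later fired."""
    return sorted({h["src"] for h in hunt(lines)})


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} -> {hit["qname"]} = {hit["answer"]} [{hit["status"]}]')
    print("hosts to triage:", affected_hosts(SAMPLE_LOG))
```

The point of the `affected_hosts` list is that a seized domain only stops the beacon; any host that resolved the C2 domain before the seizure still carries the trojanised DLL and needs the same triage as a host whose lookup is still marked live.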