SolarWinds attackers' detection evasion mechanism released

Microsoft has shared new details on how the hackers behind the SolarWinds breach managed to remain undetected by hiding their activity inside the networks of breached companies.

The attackers used a wide variety of evasion tactics, techniques, and procedures. These included methodically avoiding shared indicators across compromised hosts by deploying custom Cobalt Strike DLL implants on each machine, and camouflaging their activity by renaming tools and binaries to match files and programs already on the compromised device, among many others.

Microsoft also provided a list of the most unusual tricks used in the attack.

