Microsoft's hints for victims of cyberattacks (including Sunburst)

[German]Microsoft published two blog posts from its Detection and Response Team (DART). The posts include advice for incident responders on recovering from systemic identity compromises (after Solarigate) and what to do if infected with the Sunburst Trojan.


Advertising

Advice on recovering from systemic identity compromises.

I became aware of the Microsoft Detection and Response Team's (DART) blog post Advice for incident responders on recovery from systemic identity compromises for incident responders on recovery from systemic identity compromises via the following tweet.

Advice for incident responders on recovery from systemic identity compromises

The post contains advice for people responding to a cyberattack (incident responders) looking for information on how to recover from systemic identity compromises. The blog post describes the issues that exist when hackers successfully penetrate an IT environment through compromised accounts or security settings and addresses the various aspects, from auditing to monitoring activity, in such a scenario. It all goes back to the SolarWinds Orion SUNBURST attack.

Understanding Solorigate Indicator of Compromise (IoC)

The second post is titled Understanding "Solorigate"'s Identity IOCs – for Identity Vendors and their customers and appeared in Techcommunity. It addresses pointers for administrators affected by the Sunburst attack (now referred to by Microsoft as Solarigate) to help recognize the signs that IT systems have been compromised.

Solorigate Indicator of Compromise
Solorigate Indicator of Compromise


Advertising

The topics covered range from hints that you need to understand the IT environment and the attack, and goes into detailed explanations of the patterns used in the attack by the hackers. I think this might be a nice read for people in the field who are suffering from boredom over the holidays.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).