{"id":17968,"date":"2020-12-24T00:12:00","date_gmt":"2020-12-23T23:12:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=17968"},"modified":"2020-12-23T12:55:26","modified_gmt":"2020-12-23T11:55:26","slug":"microsofts-hinweise-fr-opfer-von-cyberangriffen-auch-sunburst","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/12\/24\/microsofts-hinweise-fr-opfer-von-cyberangriffen-auch-sunburst\/","title":{"rendered":"Microsoft's hints for victims of cyberattacks (including Sunburst)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=239984&amp;preview=true\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has published two blog posts, one from its Detection and Response Team (DART) and one from the Azure Active Directory identity team. They contain advice for incident responders on recovering from systemic identity compromises (after Solorigate) and on what to look for if an environment was infected with the Sunburst backdoor. 
<\/p>\n<p><!--more--><\/p>\n<h3>Advice on recovering from systemic identity compromises<\/h3>\n<p>I became aware of the Microsoft Detection and Response Team (DART) blog post <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/12\/21\/advice-for-incident-responders-on-recovery-from-systemic-identity-compromises\/\" target=\"_blank\" rel=\"noopener\">Advice for incident responders on recovery from systemic identity compromises<\/a> via the following tweet.<\/p>\n<p><a href=\"https:\/\/twitter.com\/campuscodi\/status\/1341150477757591556\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Advice for incident responders on recovery from systemic identity compromises \" alt=\"Advice for incident responders on recovery from systemic identity compromises \" src=\"https:\/\/i.imgur.com\/WrmlXer.png\"><\/a><\/p>\n<p>The post is aimed at incident responders who need to recover from a systemic identity compromise, i.e. a situation in which attackers have gained control over the identity infrastructure itself (directory services, federation and token signing, privileged accounts) rather than over a few individual machines. It describes the problems that arise once attackers have penetrated an IT environment through compromised accounts or weakened security settings, and covers the various aspects of such a scenario, from auditing and re-establishing trust in the identity system to monitoring for continued attacker activity. The background is the SolarWinds Orion supply-chain compromise (SUNBURST). <\/p>\n<h3>Understanding Solorigate Indicators of Compromise (IoCs)<\/h3>\n<p>The second post is titled <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/understanding-quot-solorigate-quot-s-identity-iocs-for-identity\/ba-p\/2007610\" target=\"_blank\" rel=\"noopener\">Understanding \"Solorigate\"'s Identity IOCs &#8211; for Identity Vendors and their customers<\/a> and appeared on Microsoft's Tech Community (Azure Active Directory Identity blog). 
It gives administrators affected by the Sunburst attack (which Microsoft refers to as Solorigate) pointers for recognizing the signs that their identity systems have been compromised. <\/p>\n<p><img decoding=\"async\" title=\"Solorigate Indicator of Compromise\" alt=\"Solorigate Indicator of Compromise\" src=\"https:\/\/i.imgur.com\/Azfwgh0.png\"><br \/>Solorigate Indicator of Compromise<\/p>\n<p>The topics range from the need to understand your own IT environment and the attack itself to detailed explanations of the patterns the attackers used. I think this might be a good read for people in the field who are bored over the holidays. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has published two blog posts, one from its Detection and Response Team (DART) and one from the Azure Active Directory identity team. They contain advice for incident responders on recovering from systemic identity compromises (after Solorigate) and on what to look for if an environment was infected with the Sunburst backdoor.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-17968","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=17968"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17968\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/me
dia?parent=17968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=17968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=17968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}