Microsoft said that the SolarWinds hackers, who are behind the spying campaign that exploited the software built by the federal contractor, separated their most valuable hacking tools from other malicious code within the victims’ networks to avoid detection.
The findings show that while the SolarWinds hackers relied on a variety of tools in their spying, the manipulated SolarWinds software was the cornerstone of an operation Microsoft described as one of the most complex and enduring of the decade.
Several US federal agencies focused on national security were infiltrated in the campaign, which US officials linked to Russia.
Microsoft’s latest research comes as influential security companies continue to emerge as victims of the hacking campaign.
Malwarebytes said that the SolarWinds hackers apparently breached some of the company’s internal emails by misusing access to Microsoft Office 365 and Azure software.
Access to SolarWinds’ network monitoring software, which is used by a group of Fortune 500 companies, would give attackers basic access to critical enterprise data.
Researchers have since suggested that other groups aim to adopt SolarWinds hacker technologies to gain.
Microsoft researchers said the attackers apparently deemed the powerful SolarWinds backdoor too valuable to lose in the event of a discovery.
The spies made sure that the malicious code they used to navigate a victim’s organization was completely separate from the SolarWinds process.
Microsoft’s new research also provides one of the most detailed timelines for the hacking process, covering when the spies picked victims and prepared their implanted malware.
The attackers spent about a month identifying victims after SolarWinds was hit, and they were operational and navigating victims’ networks to obtain valuable data as early as May 2020.
The hackers were meticulous in covering their tracks, preparing malicious code unique to every victim’s device and altering the timestamps of the digital clues they left behind to complicate the process.
Microsoft described this technique as requiring a very large effort, one that is not usually seen from other adversaries and that is done to prevent the full identification of all the compromised assets.