
Microsoft has discovered yet more SolarWinds malware

posted on December 21, 2020
by l33tdawg
Credit: Flickr

Microsoft has released its current findings into the SolarWinds attack that continues to shake the global cybersecurity industry.

So far, the technology firm has been able to outline attack methods, malware strains, and mitigation strategies, but it continues to stress that the full extent of the cyberattack remains unknown. According to Microsoft’s investigation, the SolarWinds attack was possible because of a compromised DLL file belonging to the Orion infrastructure management platform. Malicious code inserted into this file created a backdoor for the attackers, who then used it to carry out hands-on-keyboard activity inside victim networks.

“In many of their actions, the attackers took steps to maintain a low profile,” the Microsoft 365 Defender Research Team explained. “For example, the inserted malicious code is lightweight and only has the task of running a malware-added method in a parallel thread such that the DLL’s normal operations are not altered or interrupted. This method is part of a class, which the attackers named OrionImprovementBusinessLayer to blend in with the rest of the code. The class contains all the backdoor capabilities, comprising 13 subclasses and 16 methods, with strings obfuscated to further hide malicious code.”
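The quoted description gives defenders one concrete, if brittle, indicator: the backdoor class was named OrionImprovementBusinessLayer so that it would blend in with legitimate Orion code. The script below is an added example written for this page, not code from Microsoft, SolarWinds, or the article's source. It walks a directory of DLLs and reports any file containing that class name, checking both the UTF-8 form that .NET metadata uses for type names and the UTF-16LE form used for managed string literals. The file names and the byte contents of the sample assemblies are constructed here purely for illustration; the script assumes nothing beyond the class name the article quotes.

```python
"""Scan .NET assemblies for the backdoor class name quoted on this page.

Added example, not Microsoft's or SolarWinds' code. The only indicator used
is the class name the article quotes (OrionImprovementBusinessLayer); the
sample files and their bytes are constructed below for illustration.
"""
import tempfile
from pathlib import Path

INDICATOR = "OrionImprovementBusinessLayer"

# .NET stores type names UTF-8 in the #Strings metadata heap, while managed
# string literals live UTF-16LE in the #US heap, so both encodings are checked.
PATTERNS = (
    ("utf-8", INDICATOR.encode("utf-8")),
    ("utf-16-le", INDICATOR.encode("utf-16-le")),
)


def is_pe(data: bytes) -> bool:
    """Cheap sanity check: PE images (and thus .NET DLLs) start with 'MZ'."""
    return data[:2] == b"MZ"


def find_indicator(data: bytes) -> list:
    """Return (encoding, offset) pairs for every occurrence of the indicator."""
    hits = []
    for enc, pat in PATTERNS:
        start = 0
        while True:
            idx = data.find(pat, start)
            if idx < 0:
                break
            hits.append((enc, idx))
            start = idx + 1
    return hits


def scan_tree(root, suffixes=(".dll",)) -> dict:
    """Walk root recursively; map each flagged DLL path to its hit list.

    Files that are not PE images or lack a listed suffix are skipped, which
    keeps text files mentioning the name (reports, notes) out of the results.
    """
    results = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        data = path.read_bytes()
        if not is_pe(data):
            continue
        hits = find_indicator(data)
        if hits:
            results[str(path)] = hits
    return results


def demo() -> dict:
    """Write constructed sample files to a temp dir and scan them.

    The bytes are hypothetical stand-ins for assembly contents, not real
    Orion binaries: one clean DLL, one with the UTF-8 type name, one with the
    UTF-16LE literal, and a text note that must be ignored by the scanner.
    """
    root = Path(tempfile.mkdtemp(prefix="orion_scan_"))
    (root / "orion_clean.dll").write_bytes(
        b"MZ\x90\x00" + b"SolarWinds.Orion.Core.BusinessLayer\x00")
    (root / "orion_backdoored_utf8.dll").write_bytes(
        b"MZ\x90\x00" + b"SolarWinds.Orion.Core.BusinessLayer"
        + INDICATOR.encode("utf-8") + b"\x00")
    (root / "orion_backdoored_utf16.dll").write_bytes(
        b"MZ" + INDICATOR.encode("utf-16-le"))
    (root / "notes.txt").write_text(
        "incident notes mentioning " + INDICATOR, encoding="utf-8")
    return scan_tree(root)


if __name__ == "__main__":
    for flagged, hits in demo().items():
        print(flagged, hits)
```

A string match on a class name is only a starting point: the same report notes the strings inside the class were obfuscated, and a renamed class would slip past this check entirely, so in practice it belongs alongside hash comparison against the vendor's known-good build and the broader detections Microsoft published.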
