Microsoft explains how SolarWinds hackers hid their spy



Microsoft said the hackers behind the SolarWinds espionage campaign, which exploited software built by the federal contractor, kept their most valuable hacking tools separate from the other malicious code they deployed inside victim networks in order to avoid detection.

The findings show that while the hackers relied on a variety of tools in their espionage, the tampered SolarWinds software was the cornerstone of an operation that Microsoft described as one of the most complex and enduring of the decade.

Several U.S. federal agencies focused on national security were breached in the campaign, which U.S. officials have linked to Russia.

Microsoft's latest research comes as prominent security companies continue to emerge as victims of the hacking campaign.

Malwarebytes said the SolarWinds hackers apparently gained access to some of the company's internal emails by abusing access to Microsoft Office 365 and Azure software.

Access to SolarWinds's network monitoring software, which is used by Fortune 500 companies, gives attackers a base from which to reach sensitive enterprise data.

Researchers have since suggested that other groups are seeking to adopt the SolarWinds hackers' techniques for their own ends.

Microsoft researchers said: "The attackers clearly considered the SolarWinds back door too precious to lose in the event of discovery."

The spies made sure that the malicious code they used to move through a victim's organization was kept completely separate from the SolarWinds backdoor.

Microsoft's new research also offers one of the most detailed timelines of the hacking process to date, covering the period in which the spies chose their victims and prepared custom malware.

After compromising SolarWinds, the attackers spent nearly a month identifying victims, and they were actively moving through victims' networks to obtain valuable data as early as May 2020.

The hackers were meticulous in covering their tracks: they prepared unique malicious code for each victim's device and altered the timestamps of the digital traces they left behind to complicate investigation.

Microsoft described the technique as highly demanding and not usually seen from other adversaries, and said its purpose is to prevent the full identification of all compromised assets.
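Because the article notes that the attackers altered the timestamps of the files they left behind, here is a defender-side illustration of how such tampering can surface in an investigation. The Python below is an added example, not code from the article or from Microsoft's research. It applies two common forensic heuristics to constructed file-metadata records: timestamps that run backwards (a file modified or accessed before it was created) and timestamps whose sub-second component is exactly zero on every field, which is what many timestamp-altering tools produce while the operating system itself records fine-grained precision. The record layout, the sample values and the function names are assumptions made for this example; it does not read a live filesystem.

```python
"""Heuristic timestamp-anomaly check over file-metadata records.

Added example (not from the article or Microsoft's research). Records are
constructed in-line so the script runs offline; in practice they would come
from a filesystem timeline export. Times are nanoseconds since the epoch.
"""
from dataclasses import dataclass
from typing import Dict, List

NS_PER_SECOND = 1_000_000_000


@dataclass(frozen=True)
class FileRecord:
    path: str          # hypothetical path, for reporting only
    created_ns: int    # creation time
    modified_ns: int   # last content modification
    accessed_ns: int   # last access


def check_record(rec: FileRecord) -> List[str]:
    """Return the list of anomaly labels that apply to one record."""
    findings: List[str] = []

    # Normal file operations never move modification or access time before
    # creation time; a record that does so has had a timestamp rewritten.
    if rec.modified_ns < rec.created_ns:
        findings.append("modified-before-created")
    if rec.accessed_ns < rec.created_ns:
        findings.append("accessed-before-created")

    # Filesystems store sub-second precision; tooling that rewrites timestamps
    # often writes whole seconds, leaving every sub-second component at zero.
    stamps = (rec.created_ns, rec.modified_ns, rec.accessed_ns)
    if all(t % NS_PER_SECOND == 0 for t in stamps):
        findings.append("zero-subsecond-precision")

    return findings


def scan(records: List[FileRecord]) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; clean records are omitted."""
    return {r.path: f for r in records if (f := check_record(r))}


# Constructed sample records: one benign, two showing rewritten timestamps.
SAMPLE_RECORDS = [
    FileRecord("C:/Example/report.docx",          # benign: ordered, fine precision
               1_600_000_000_123_456_700,
               1_600_000_500_987_654_300,
               1_600_000_500_987_654_300),
    FileRecord("C:/Example/loader.dll",           # modified "before" it existed
               1_600_000_000_000_000_000,
               1_500_000_000_000_000_000,
               1_600_000_000_000_000_000),
    FileRecord("C:/Example/helper.exe",           # ordered, but whole seconds only
               1_600_000_000_000_000_000,
               1_600_000_100_000_000_000,
               1_600_000_200_000_000_000),
]


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_RECORDS).items():
        print(f"{path}: {', '.join(findings)}")
```

Neither heuristic is proof of tampering on its own (some copy and archive tools also write whole-second timestamps), so the output is a triage list to be compared against other artifacts, such as file-system journals or creation timestamps kept in separate metadata, before drawing conclusions.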