CATEGORIES
home News

Microsoft Tactically Nukes SolarWinds Hackers That Infiltrated U.S. Government Agencies

by Nathan OrdThursday, December 17, 2020, 02:14 PM EDT
satya nadella solarwinds

On Monday, news broke that Russian hackers breached SolarWinds in an effort to compromise numerous organizations. While private companies are affected, the most significant targets seemed to be part of the U.S government. Now, Microsoft has swooped in to try and kill the SolarWinds breach with several steps that have rolled out over the past several days.

When you have a breach as widespread as SolarWinds, which is rumored to be backed by hacker group APT29, or Cozy Bear, you must have an extreme response. Cozy Bear is likely to be a part of Russian intelligence and has been behind past DNC attacks and, more recently, COVID-19 research attacks. To stop Cozy Bear in its tracks with the “Sunburst” attack, GeekWire reports that Microsoft has done the following things over the past four days:
  1. December 13, 2020 – Microsoft stripped the certificates that allowed the malicious parts of the SolarWinds package to operate on Windows machines. As Budd explained, “In this single act, Microsoft literally overnight told all Windows systems to stop trusting those compromised files which could stop them from being used.”
  2. December 13, 2020 – Microsoft updates Microsoft Window Defender to detect the malicious files in SolarWinds and alert users.
  3. December 15, 2020 – Microsoft and other companies “sinkholed” on the domains the malware used for command and control. Sinkholing is a method by which companies can take over a domain in court if it is found that the domain is malicious. This cuts off the snake's head, but Microsoft can still use the domain to alert devices that have been infected and are trying to phone back to the domain.
  4. December 16, 2020 – Today, Microsoft changed Microsoft Windows Defender from “alert” set on December 13th to “Quarantine.” Though this may break some software, it forces actions to be taken, so people have to update SolarWinds and eliminate the threat from their systems.
Through all these steps, Microsoft has virtually decimated the SolarWinds breach. There still may be backdoors and compromised devices out there, but this is an impressive and fast step forward for Microsoft. If Microsoft wants something gone, it can be eliminated with the company's full force nearly overnight. That is both a scary and awesome power to wield, so thankfully, Microsoft is on our side.
Tags:  Microsoft, security, (nasdaq:msft), cyber-security
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment