News: 0141272820


FireEye Releases Tool For Auditing Networks for Techniques Used by SolarWinds Hackers (zdnet.com)

(Tuesday January 19, 2021 @05:40PM (msmash) from the moving-forward dept.)


Cybersecurity firm FireEye today released a report [1]detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. From a report:

> Together with the report, FireEye researchers have also released a free tool on GitHub named [2]Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks. Today's FireEye report comes as the security firm has spearheaded investigations into the SolarWinds supply chain compromise, together with Microsoft and CrowdStrike. The SolarWinds hack came to light on December 13, 2020, when FireEye and Microsoft confirmed that a threat actor broke into the network of IT software provider SolarWinds and poisoned updates for the Orion app with malware.



[1] https://www.zdnet.com/article/fireeye-releases-tool-for-auditing-networks-for-techniques-used-by-solarwinds-hackers/

[2] https://github.com/fireeye/Mandiant-Azure-AD-Investigator

Russians (Score:2)

by andydread ( 758754 )

I'm sure FireEye is definitely stung by this one.
