Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
#1
Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code being pushed to nearly 18,000 customers of its Orion platform. Many U.S. federal agencies and Fortune 500 firms use(d) Orion to monitor the health of their IT networks.
On Dec. 13, cyber incident response firm FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye said hacked networks were seen communicating with a malicious domain name — avsvmcloud[.]com — one of several domains the attackers had set up to control affected systems.
As first reported here on Tuesday, there were signs over the past few days that control over the domain had been transferred to Microsoft. Asked about the changeover, Microsoft referred questions to FireEye and to GoDaddy, the current domain name registrar for the malicious site.

Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  SolarWinds Attackers Accessed DHS Secretary’s Emails — Report Bjyda 0 1,064 03-31-2021 , 09:38 PM
Last Post: Bjyda
  SolarWinds Incident May Bring Data Breach Notification Rules Bjyda 0 1,161 03-05-2021 , 12:05 AM
Last Post: Bjyda
  FireEye finds new malware likely linked to SolarWinds hackers Bjyda 0 1,536 03-04-2021 , 07:15 PM
Last Post: Bjyda
  Microsoft slams Amazon’s AWS over Solarwinds silence Bjyda 0 890 02-27-2021 , 11:01 PM
Last Post: Bjyda
  SolarWinds hackers targeted NASA, Federal Aviation Administration networks Bjyda 0 1,468 02-24-2021 , 11:44 PM
Last Post: Bjyda



Users browsing this thread: 1 Guest(s)