FireEye Releases Tool For Auditing Networks for Techniques Used by SolarWinds Hackers

Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. From a report: Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks. Today's FireEye report comes as the security firm has spearheaded investigations into the SolarWinds supply chain compromise, together with Microsoft and CrowdStrike. The SolarWinds hack came to light on December 13, 2020, when FireEye and Microsoft confirmed that a threat actor broke into the network of IT software provider SolarWinds and poisoned updates for the Orion app with malware.

Russians

[andydread]

I'm sure FireEye is definitely stung by this one.

Great tools

[CaptQuark]

These tools sound great for system administrators... as long as they don't rely on FireEye to keep them updated.

---