Microsoft explains how SolarWinds hackers concealed their spyware
Microsoft said the SolarWinds hackers behind the espionage campaign, which abused software made by a federal contractor, kept their most valuable hacking tools separate from the other malicious code on a victim's network in order to avoid detection.
The findings show that although the SolarWinds hackers rely on a variety of espionage tools, the tampering with SolarWinds software is one of the most complex and persistent operations Microsoft has described in a decade.
The campaign infiltrated several US federal agencies that deal with national security, and US agencies have attributed it to Russia.
Microsoft's latest research also shows that prominent security companies continue to fall victim to the hackers.
Malwarebytes said the SolarWinds hackers appear to have breached some of its internal email by abusing access to Microsoft Office 365 and Azure software.
Access to the SolarWinds network monitoring software used by Fortune 500 companies gives attackers a path to critical business information.
Since then, researchers have suggested that other groups may want to reuse the SolarWinds hacking techniques for financial gain.
Microsoft researchers said it is clear that the attackers considered the robust SolarWinds backdoor so valuable that it could not be allowed to be lost to detection.
The spies ensured that the malicious code they used to explore a victim's network was kept entirely separate from the SolarWinds process.
Microsoft's latest research also offers one of the most detailed timelines of the hack, covering when the spies selected victims and prepared to install malware.
After the SolarWinds compromise, the attackers spent about a month identifying victims, and began searching for valuable data on victims' networks as early as May 2020.
The hackers meticulously covered their tracks, creating malicious code unique to each victim's device and altering the timestamps of the digital traces they left behind, which complicated the investigation.
Microsoft describes the techniques as highly complex and rarely seen from other adversaries, which has hindered full identification of all affected assets.
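The timestamp tampering described above is something a forensic analyst can hunt for. The following is an added example, not code from Microsoft's report or from any tool named on this page: it applies three common timestomping heuristics to NTFS $STANDARD_INFORMATION timestamps. The `FileRecord` structure and the sample records are constructed for illustration; a real triage would feed it records parsed from the MFT.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class FileRecord:
    """Timestamps as recorded in an NTFS $STANDARD_INFORMATION attribute (hypothetical input type)."""
    path: str
    created: datetime      # file creation time
    modified: datetime     # last write to file content
    mft_changed: datetime  # MFT entry change time; ordinary file APIs cannot set it


def timestomp_indicators(rec: FileRecord) -> list[str]:
    """Return the timestomping heuristics this record trips (empty list means nothing suspicious)."""
    findings = []
    # NTFS keeps 100 ns precision, so a file written by normal activity almost never lands
    # on an exact second. Tools that set timestamps to a chosen value often leave the
    # sub-second part zero.
    if rec.created.microsecond == 0 and rec.modified.microsecond == 0:
        findings.append("zeroed sub-second timestamps")
    # Content cannot have been modified before the file existed.
    if rec.modified < rec.created:
        findings.append("modified before created")
    # Backdating the visible timestamps still updates the MFT entry change time, so a
    # creation/modification time far older than the entry change time is a weaker hint.
    if rec.mft_changed - max(rec.created, rec.modified) > timedelta(days=365):
        findings.append("mft change time more than a year after visible timestamps (weak)")
    return findings


def suspicious_files(records: list[FileRecord]) -> dict[str, list[str]]:
    """Map each path that trips at least one heuristic to its findings."""
    return {r.path: hits for r in records if (hits := timestomp_indicators(r))}


# Constructed sample records; they are not taken from any real incident.
SAMPLE = [
    FileRecord(r"C:\Program Files\Example\app.dll",
               created=datetime(2020, 6, 1, 10, 12, 33, 412000),
               modified=datetime(2020, 6, 3, 9, 5, 17, 88000),
               mft_changed=datetime(2020, 6, 3, 9, 5, 17, 88000)),
    FileRecord(r"C:\Windows\Temp\example.dll",
               created=datetime(2019, 3, 14, 0, 0, 0),
               modified=datetime(2019, 3, 10, 0, 0, 0),
               mft_changed=datetime(2020, 6, 5, 14, 7, 22, 123000)),
]

if __name__ == "__main__":
    for path, hits in suspicious_files(SAMPLE).items():
        print(path, "->", ", ".join(hits))
```

None of these heuristics is proof on its own; they are triage filters that point an analyst at files worth comparing against the $FILE_NAME timestamps and other evidence.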