The hack of several US agencies via the SUNBURST backdoor in SolarWinds' Orion monitoring software (see the articles FireEye hacked, Red Team tools stolen and US Treasury and US NTIA hacked) is taking on ever greater dimensions. The networks of the National Nuclear Security Administration (NNSA) and the U.S. Department of Energy (DOE) have also been hacked, as I reported last night in the article SUNBURST: US nuclear weapons agency also hacked, new findings. It is now also clear that the attackers used more than one strategy to get into the victims' IT systems: there are victims who have not deployed SolarWinds Orion at all, or whose Orion installation shows no unusual activity. Identifying and cleaning up affected systems may take months.

In the meantime, more and more is becoming known about who is among the victims. German blog reader No points out two blog posts in this comment (thanks for that). Sergei Shevchenko (Threat Research Manager at Sophos) posts his analysis on a threat research blog. In this post he sets out what can be deduced from the malware analysis about the domains of possible victims: the backdoor encodes the victim's domain name into the identifiers it sends to its command-and-control infrastructure, so anyone who can observe those identifiers can recover the domain. He has written a decoding routine for these encoded domain identifiers and published a list of potential victims derived from them. Shevchenko writes that the list may be inaccurate, but it is definitely worth a look. It is long, ranging from Cisco and Check Point to Intel and various banks.

Microsoft finds Trojans in its own network

Microsoft has also found the malware in its own networks, as the following statements in this blog post show:

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."

Microsoft thus confirms that the malicious SolarWinds binaries were detected, isolated and removed in its environment. It has found no evidence that production services or customer data were accessed, and its ongoing investigation has found no evidence that Microsoft's systems were used to attack others. The colleagues at ZDNet have published the list of confirmed victims so far in this article. Naturally, this list refers to US facilities. In addition, there is FireEye and now probably Microsoft (the attack is attributed to the Cozy Bear group). I think we will read more names in the coming hours and days.

In this blog post, Microsoft gives a general overview of what is known so far about the attacks via the backdoored SolarWinds Orion software. Microsoft has also published the following map of SUNBURST victims.

SolarWinds Orion SUNBURST victims, source: Microsoft

The map is based on telemetry from Microsoft's Defender anti-virus software: it shows customers running Defender who have installed the malware-infested versions of SolarWinds' Orion software. The hot spot is in the U.S., but the U.K. Hits can even be found in Germany, Switzerland and Austria. This illustrates that the attack is of global significance and how exposed the United States is. In its blog post, Microsoft therefore also calls for joint action to defend against such attacks.
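To illustrate what a decoding routine for the encoded victim-domain identifiers mentioned earlier on this page actually does, here is an added example. It is my own code, not Shevchenko's or Sophos's script and not the blog's: it reimplements the substitution-cipher branch of the SUNBURST subdomain encoding as documented in public analyses of the trojanized Orion DLL. The two alphabets are the ones from the decompiled malware; the domain fragments used as input are constructed for the example; the encoded victim-ID prefix that precedes the fragment in real queries, and the alternative "00"-prefixed base32 branch the backdoor uses for domains containing characters outside the alphabet, are deliberately not covered.

```python
"""Decode (and re-encode) the substitution-cipher form in which the SUNBURST
backdoor embeds a victim's domain name into the subdomain of its DNS queries.

Added illustration, not the original blog's or Shevchenko's code. The two
alphabets are taken from public analyses of the decompiled Orion DLL; the
sample inputs below are constructed for this example.
"""

# 35-character alphabet covering a-z and the digits 1-9. Encoding shifts each
# character 4 positions forward in this alphabet, wrapping around at the end.
ALPHABET = "rq3gsalt6u1iyfzop572d49bnx8cvmkewhj"
# Characters that are not shifted but escaped: emitted as '0' followed by an
# alphabet character whose index modulo 4 is the position in this string.
# '0' never appears as a shifted output, so the escape is unambiguous.
ESCAPED = "0_-."
SHIFT = 4


def encode_domain(domain: str) -> str:
    """Encode a lowercase domain fragment the way the backdoor does.

    For escaped characters the malware adds a random multiple of 4 to the
    index; the decoder only looks at index % 4, so a fixed multiple (0) is
    used here to keep the example deterministic.
    """
    out = []
    for ch in domain:
        if ch in ESCAPED:
            out.append("0")
            out.append(ALPHABET[ESCAPED.index(ch)])  # index % 4 == position
        elif ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + SHIFT) % len(ALPHABET)])
        else:
            raise ValueError(f"{ch!r} is outside the substitution alphabet "
                             "(the backdoor would use its base32 branch)")
    return "".join(out)


def decode_domain(encoded: str) -> str:
    """Reverse encode_domain(): undo the shift and expand '0' escapes."""
    out = []
    i = 0
    while i < len(encoded):
        ch = encoded[i]
        if ch == "0":
            # Escape sequence: the next character selects one of "0_-.".
            i += 1
            if i >= len(encoded):
                raise ValueError("dangling escape character at end of input")
            out.append(ESCAPED[ALPHABET.index(encoded[i]) % 4])
        else:
            out.append(ALPHABET[(ALPHABET.index(ch) - SHIFT) % len(ALPHABET)])
        i += 1
    return "".join(out)


# Constructed sample fragments (not real victims) for the demonstration.
SAMPLE_DOMAINS = ["example.local", "corp-net.example", "ad_2020.lan"]


def roundtrip(domain: str) -> str:
    """Encode then decode; returns the recovered fragment."""
    return decode_domain(encode_domain(domain))


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        enc = encode_domain(d)
        print(f"{d:20s} -> {enc:24s} -> {decode_domain(enc)}")
```

According to the public analyses, a real query subdomain carries an encoded victim identifier in front of the domain fragment, and longer domain names are spread over several queries, which is why published victim lists contain partial names and why Shevchenko warns that his list may be inaccurate. This example therefore takes the bare fragment as input; reassembling fragments and stripping the identifier prefix are separate steps.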