2020-cyberattack-on-united-states

Content of this post provided by Microsoft.

Editor's Note

Microsoft is aware of a sophisticated attack that utilizes malicious SolarWinds software. On December 17, 2020, Brad Smith posted a blog sharing the most up-to-date information and detailed technical information for defenders.

As this is an ongoing investigation, Microsoft cybersecurity teams continue to act as first responders to these attacks. We know that customers and partners will have ongoing questions and Microsoft is committed to providing timely updates as new information becomes available. We will make updates through our Microsoft Security Response Center (MSRC) blog at https://aka.ms/solorigate.

There are a number of published resources to assist customers in securing their environments:

  • Microsoft has published a blog outlining this dynamic threat landscape and the principles with which we are approaching the investigation.
  • Microsoft has published an anchor blog with technical details of the attack. This blog will be updated with new information as the investigation continues. Customers should look to this blog as the one stop for updates on the sophisticated attack.
  • Microsoft Defender antivirus and Microsoft Defender for Endpoint have released protections for the malicious SolarWinds software and other artifacts from the attack.
  • Microsoft Azure Sentinel has released guidance to help Azure Sentinel customers hunt in their environments for related activity we have observed with this sophisticated attack.
  • Microsoft 365 Defender and Microsoft Defender for Endpoint customers should review the Threat Analytics article within the Defender console (sign-in is required) for information about detection and potential impact to their environments.
  • For any Microsoft Threat Experts (MTE) customers, where we have observed suspicious activity in the customers’ environments, we have completed Targeted Account Notifications.
  • If a customer has any product-support-related needs, please continue to direct them to Microsoft Support (CSS), which remains the primary place for all customer support needs.
  • For Identity professionals and Microsoft 365 admins, we have published a blog with guidance on how to protect Microsoft 365 from on-premises attacks.

Microsoft Blog Posts
