Catalin Cimpanu reports:
Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with additional, second-stage payloads.
The OS maker said it was able to discover these intrusions using data collected by Microsoft Defender antivirus product, a free antivirus product built into all Windows installations.
Read more on ZDNet.
The bad news just keeps on coming — but better we should find out than not find out, right?
Ionut Ilascu reports on BleepingComputer: Nation-state hackers breached US think tank thrice in a row.
Michael Riley, Kartikay Mehrotra, and William Turton of Bloomberg provide more background and details in their reporting: Russia-Linked SolarWinds Hack Ensnares Widening List of Victims.
On a somewhat positive note, Brian Krebs reported that a Malicious Domain in SolarWinds Hack was Turned into ‘Killswitch’.
There may be some consoling thought, though, as Jake Williams tweeted yesterday:
If you’re having a bad week, take it from someone who’s been on the other side of the keyboard: the Russians are having a MUCH worse week. Like orders of magnitude worse.
Savor that thought.
— Jake Williams (@MalwareJake) December 18, 2020
I have no way to evaluate the accuracy of that statement, but even if they are having a bad week, it seems that we have had a bad year and have a lot more bad months for some customers as they try to recover.