Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-01-28MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
ZINC attacks against security researchers
ComeBacker Klackring
2021-01-21Medium CSIS TechblogSøren Fritzbøger
Silencing Microsoft Defender for Endpoint using firewall rules
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP
2021-01-19MalwarebytesMarcin Kleczynski
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
2021-01-19MandiantDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)
2021-01-19FireEyeDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
2021-01-14MicrosoftMicrosoft 365 Defender Team
Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender
SUNBURST
2021-01-08US-CERTUS-CERT
Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
SUNBURST SUPERNOVA
2020-12-31MicrosoftMSRC Team
Microsoft Internal Solorigate Investigation Update
SUNBURST
2020-12-28MicrosoftMicrosoft 365 Defender Team
Using Microsoft 365 Defender to protect against Solorigate
SUNBURST TEARDROP
2020-12-26The Washington PostEllen Nakashima
Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk
2020-12-22MicrosoftAlex Weinert
Azure AD workbook to help you assess Solorigate risk
SUNBURST
2020-12-21MicrosoftMSRC Team
Solorigate Resource Center
SUNBURST TEARDROP
2020-12-21MicrosoftTom Burt
Cyber Mercenaries Don’t Deserve Immunity
2020-12-21US Court of Appeals for the Ninth CourtCisco, Github, Google, Internet Association, LinkedIn, Microsoft, VMWare, WhatsApp
Case: 20-16408: WhatsApp et al. vs NSO Group
2020-12-21MicrosoftDetection and Response Team (DART)
Advice for incident responders on recovery from systemic identity compromises
2020-12-21MicrosoftAlex Weinert
Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers.
SUNBURST
2020-12-18MicrosoftAlex Weinert
Protecting Microsoft 365 from on-premises attacks
2020-12-18MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-12-18ReutersJoseph Menn
Exclusive: Microsoft breached in suspected Russian hack using SolarWinds - sources