Dec 17 2020 12:06 PM - edited Dec 21 2020 02:54 AM
Microsoft has been monitoring a sophisticated attack involving compromised third-party software, including an intrusion through malicious code in the SolarWinds Orion product. This gives the attacker a foothold in the network, which the attacker can then use to obtain elevated credentials. For further details, please refer to the SolarWinds advisory and the FireEye advisory.
Additionally, FireEye Red Team tools were recently stolen from the company. For further details, please refer to the FireEye blog post.
To help Azure Defender for IoT detect these latest threats, we strongly recommend deploying the attached threat intelligence (TI) package (dated 2020-12-15) as soon as possible.
To deploy the TI package, please follow the instructions below.
If you need support deploying the TI package, please contact your customer success manager, or visit the Microsoft support site:
Microsoft has also published updates to Microsoft Defender to help block related attacks, and to Azure Sentinel that provide additional signals for post-compromise techniques observed in these intrusions. For more details, please see the Microsoft blog post titled “Customer Guidance on Recent Nation-State Cyber Attacks.”
It is our goal to continue to provide world-class support to our customers as part of the broader security ecosystem. This situation is evolving, so we will provide updates as they become available.
For further information: