Microsoft Tactically Nukes SolarWinds Hackers That Infiltrated U.S. Government Agencies
- December 13, 2020 – Microsoft stripped the certificates that allowed the malicious parts of the SolarWinds package to operate on Windows machines. As Budd explained, “In this single act, Microsoft literally overnight told all Windows systems to stop trusting those compromised files which could stop them from being used.”
- December 13, 2020 – Microsoft updated Microsoft Windows Defender to detect the malicious files in SolarWinds and alert users.
- December 15, 2020 – Microsoft and other companies “sinkholed” the domains the malware used for command and control. Sinkholing is a method by which companies can take over a domain, through a court order, once the domain is found to be malicious. This cuts off the snake's head, but Microsoft can still use the domain to identify devices that have been infected and are trying to phone back to it.
- December 16, 2020 – Today, Microsoft changed the Microsoft Windows Defender action from the “alert” setting applied on December 13th to “Quarantine.” Though this may break some software, it forces action to be taken, so people have to update SolarWinds and eliminate the threat from their systems.
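The sinkholing step above turns the attacker's own callback traffic into a detection signal: once the C2 domain resolves to a sinkhole, any host still querying it is a host that needs cleanup. The following Python script is an added example, not code from Microsoft or from the original article, that shows how a defender would run that hunt over DNS resolver logs. The log format, the C2 domain (`example-c2-placeholder.invalid`) and the sinkhole address (`192.0.2.10`, a TEST-NET-1 address) are constructed placeholders; the real indicators from the incident are not on this page and must be substituted from a vetted source.

```python
"""Hunt DNS resolver logs for hosts phoning home to a sinkholed C2 domain.

Added example. Indicators below are placeholders, not the real SolarWinds IoCs.
"""
from collections import Counter
from dataclasses import dataclass
import ipaddress
import re

# Placeholder indicators (assumed): substitute vetted IoCs in a real hunt.
SINKHOLED_C2_DOMAINS = {"example-c2-placeholder.invalid"}
SINKHOLE_IPS = {ipaddress.ip_address("192.0.2.10")}

# Constructed resolver log, one query per line:
#   <timestamp> <client_ip> query <qname> -> <answer_ip>
SAMPLE_LOG = """\
2020-12-15T10:01:02Z 10.0.0.5 query app.corp.example -> 10.0.0.20
2020-12-15T10:01:09Z 10.0.0.7 query a1b2c3.appsync.example-c2-placeholder.invalid -> 192.0.2.10
2020-12-15T10:02:11Z 10.0.0.9 query updates.vendor.example -> 203.0.113.4
2020-12-15T10:03:33Z 10.0.0.7 query a1b2c3.appsync.example-c2-placeholder.invalid -> 192.0.2.10
2020-12-15T10:04:00Z 10.0.0.12 query z9y8.example-c2-placeholder.invalid -> 192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) -> (\S+)$")


@dataclass
class Hit:
    ts: str
    client: str
    qname: str
    answer: str
    reason: str


def is_sinkholed_domain(qname: str) -> bool:
    """True if qname equals, or is a subdomain of, a sinkholed C2 domain."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in SINKHOLED_C2_DOMAINS)


def is_sinkhole_ip(answer: str) -> bool:
    """True if the resolved address is a known sinkhole; non-IP answers never match."""
    try:
        return ipaddress.ip_address(answer) in SINKHOLE_IPS
    except ValueError:
        return False


def hunt(log_text: str) -> list[Hit]:
    """Return every log line that indicates a beacon to the sinkholed infrastructure.

    Both the queried name and the answer are checked, so a host is still flagged
    if only one indicator (domain list or sinkhole address) is current.
    """
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the hunt
        ts, client, qname, answer = m.groups()
        reasons = []
        if is_sinkholed_domain(qname):
            reasons.append("c2-domain")
        if is_sinkhole_ip(answer):
            reasons.append("sinkhole-ip")
        if reasons:
            hits.append(Hit(ts, client, qname, answer, "+".join(reasons)))
    return hits


def affected_hosts(hits: list[Hit]) -> dict[str, int]:
    """Map each beaconing client IP to its number of callbacks (the remediation list)."""
    return dict(Counter(h.client for h in hits))


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for h in found:
        print(f"{h.ts} {h.client} -> {h.qname} [{h.reason}]")
    print("hosts needing remediation:", affected_hosts(found))
```

Run it as-is to see the two constructed infected clients (`10.0.0.7` and `10.0.0.12`) surface with their callback counts; the uninfected hosts produce no hits. In practice the same logic is applied to the resolver or proxy logs of the whole estate, and the resulting host list is the input to the quarantine-and-update step described for December 16.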