Microsoft said that the SolarWinds attackers used a number of sophisticated methods to remain undetected in victims' networks, and that they followed operations security best practices to do so.
More from Microsoft:
- In its analysis, Microsoft focused on the second-stage activation of the Solorigate (Sunburst) backdoor.
- The backdoor was compiled at the end of February 2020 and distributed to compromised systems in late March.
- Microsoft determined that the attackers spent around a month selecting victims and preparing Cobalt Strike implants and command-and-control infrastructure.