FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond
FireEye, the company that exposed the SolarWinds intrusion, has now announced that it has identified a killswitch that would halt the malware’s operation on infected networks. The White House National Security Council has already created a unified group to coordinate responses across victims and collaborate on solutions. However, according to FireEye, the killswitch will only work on networks where the attackers had not already deployed additional persistence mechanisms.
FireEye discovered the killswitch while researching its own breach. It found that attackers deployed the Sunburst Trojan to drop additional payloads that escalated their privileges, allowed them to move laterally, and let them steal data. FireEye also confirmed suspicions that the hack was conducted by a nation-state-backed actor, likely Russian, by analyzing the planning and precision the hack displayed.