How to Understand the Russia Hack Fallout

This means there are really three subgroups within the potential victims of these attacks: Orion users who installed the backdoor but were never otherwise exploited; victims who had some malicious activity on their networks, but who ultimately weren't appealing targets for attackers; and victims who were actually deeply compromised because they held valuable data.


"If they didn't exfiltrate data, it's because they didn't want it," says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. "If they didn't take access, it's because they weren't interested in it."

Even so, the first and second groups still need to neuter the backdoor to prevent future access. Because it was able to analyze indicators from its own breach, FireEye led an effort, which other firms have since joined, to publish details of the anatomy of the attacks. Some of the "indicators of compromise" include IP addresses and Domain Name System (DNS) record responses associated with the attackers' malicious infrastructure. Responders and victims can use this information to check whether servers or other devices on their networks have been communicating with the hackers' systems. Microsoft also worked with FireEye and GoDaddy to develop a sort of "kill switch" for the backdoor by seizing control of IP addresses the malware communicates with, so it can no longer receive commands.
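The check described above, matching a network's own DNS query logs against published indicators, looks roughly like the following. This is an added illustration, not code from the article or from any of the firms it names. The indicator values and the log lines are constructed placeholders (documentation and TEST-NET address ranges), not real indicators from any report, and the log format (timestamp, client, queried name, record type, answer) is an assumption chosen for the example.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed placeholder indicators. These are NOT real indicators of
# compromise; a responder would load the published list here instead.
IOC_DOMAINS = {"c2-placeholder.invalid"}
IOC_IPS = {ipaddress.ip_address("203.0.113.7")}            # TEST-NET-3
IOC_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]   # TEST-NET-2

# Constructed sample DNS log: "timestamp client qname qtype answer".
# The last line is deliberately truncated to show malformed input is skipped.
SAMPLE_DNS_LOG = """\
2020-12-14T03:12:01Z 10.0.5.23 update.vendor.example A 192.0.2.10
2020-12-14T03:12:07Z 10.0.5.23 api.c2-placeholder.invalid CNAME gw.c2-placeholder.invalid
2020-12-14T03:12:08Z 10.0.5.23 gw.c2-placeholder.invalid A 198.51.100.42
2020-12-14T03:15:44Z 10.0.7.9 mail.corp.example A 192.0.2.25
2020-12-14T03:16:02Z 10.0.7.9 cdn.other.example A 203.0.113.7
2020-12-14T03:16:10Z 10.0.7.9 truncated entry
"""

Hit = namedtuple("Hit", "line client reason")
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def domain_matches(name, ioc_domains):
    """True if name equals an indicator domain or is a subdomain of one."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in ioc_domains)


def ip_matches(value, ioc_ips, ioc_networks):
    """True if value is an IP inside the indicator set or any indicator CIDR."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # not an IP literal (e.g. a CNAME target)
    return addr in ioc_ips or any(addr in net for net in ioc_networks)


def scan_dns_log(text, ioc_domains=IOC_DOMAINS, ioc_ips=IOC_IPS,
                 ioc_networks=IOC_NETWORKS):
    """Return one Hit per indicator match found in the log text.

    Both the queried name and the answer are checked, because the published
    indicators include DNS responses (resolved addresses), not just names.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        _ts, client, qname, qtype, answer = m.groups()
        reasons = []
        if domain_matches(qname, ioc_domains):
            reasons.append(f"queried indicator domain {qname}")
        if qtype == "CNAME" and domain_matches(answer, ioc_domains):
            reasons.append(f"CNAME points at indicator domain {answer}")
        if ip_matches(answer, ioc_ips, ioc_networks):
            reasons.append(f"resolved to indicator address {answer}")
        hits.extend(Hit(lineno, client, r) for r in reasons)
    return hits


def clients_to_triage(hits):
    """Distinct internal hosts that talked to indicator infrastructure."""
    return sorted({h.client for h in hits})


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for h in found:
        print(f"line {h.line}: {h.client}: {h.reason}")
    print("hosts to triage:", clients_to_triage(found))
```

Matching on the resolved address as well as the queried name matters here: a host that reached attacker infrastructure through an unlisted alias still shows up if the answer lands in an indicator range. The subdomain check also catches the per-victim hostnames that beaconing malware typically generates under a single parent domain. The hosts returned by `clients_to_triage` are the ones to investigate further, and a match is a lead for that triage, not by itself proof of the deep compromise the article distinguishes from mere backdoor installation.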


Eliminating the backdoor is crucial, especially since the attackers have still been actively ..