Microsoft and a coalition of other companies have seized the domain avsvmcloud[.]com and turned it into a sinkhole. This domain served as a Command & Control (C2) host for the attackers and delivered the SUNBURST backdoor to 18,000 SolarWinds customers. Because the malware sits dormant for 12-14 days before calling back to the C2, it may take more time to discover who is affected. The sinkhole is intended to identify potentially exposed victims and give a clearer picture of the overall scope of the problem.
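A defender-side use of the same facts, as an added example that is not part of the original article: scan DNS query logs for lookups of avsvmcloud[.]com and, using the 12-14 day dormancy the article states, back-compute the window in which each querying host was likely trojanized. The log format, hostnames and subdomain labels are constructed for the example.

```python
"""Hunt DNS query logs for lookups of the sinkholed SUNBURST C2 domain.

Added example; the log format, client names and subdomain labels below are
constructed and do not come from any real environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

C2_DOMAIN = "avsvmcloud.com"                      # seized C2 domain named in the article
DORMANCY = (timedelta(days=12), timedelta(days=14))  # callback delay stated in the article

# Constructed sample log: "<ISO timestamp> <client> <queried name>" per line.
SAMPLE_LOG = """\
2020-12-01T09:12:44 build-srv01 update.example.com
2020-12-03T02:17:09 build-srv01 7sbvaemscs0mc925tb99.avsvmcloud.com
2020-12-03T14:40:31 hr-laptop22 www.example.com
2020-12-05T02:19:55 build-srv01 7sbvaemscs0mc925tb99.avsvmcloud.com
2020-12-07T11:03:12 fin-srv03 k5kcubuassl3alrf7gm3.avsvmcloud.com
2020-12-08T08:00:00 hr-laptop22 notavsvmcloud.com
"""


def is_c2_lookup(name: str) -> bool:
    """True for the C2 domain itself or any subdomain of it.

    Matching on a leading dot keeps look-alikes such as notavsvmcloud.com out.
    """
    name = name.rstrip(".").lower()
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def find_exposed_hosts(log_text: str) -> dict:
    """Map each client that queried the C2 domain to first_seen, hit count and
    the estimated compromise window (first callback minus the 12-14 day dormancy)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the hunt
        ts, client, qname = parts
        if is_c2_lookup(qname):
            hits[client].append(datetime.fromisoformat(ts))
    report = {}
    for client, times in hits.items():
        first = min(times)
        report[client] = {
            "first_seen": first,
            "count": len(times),
            "compromise_window": (first - DORMANCY[1], first - DORMANCY[0]),
        }
    return report
```

Run against real resolver or Sysmon DNS logs by feeding them in the same three-column shape; the window is an estimate, since the article gives the dormancy only as a 12-14 day range.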
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense