Microsoft releases details of tactics used by threat actors to activate second-stage payload for downloading Cobalt Strike attack kit on infected systems. About 18,000 government entities, security firms, and large corporations including Microsoft unwittingly downloaded the weaponized SolarWinds updates on their networks. Microsoft says attackers went out of their way to ensure that these two components are separated as much as possible to evade detection. The full motives behind the operation and its victims remain unclear, though some believe it may have been for corporate espionage or spying.
Source: https://www.darkreading.com/attacks-breaches/microsoft-releases-new-info-on-solarwinds-attack-chain

