Aliases: No associated aliases
This threat can allow remote sophisticated attackers to gain access and perform backdoor commands on an affected device. It is a modified DLL component of a legitimate software.
Attackers use this threat to gain initial access to a device. When the related software is opened, this modified DLL is loaded and connects to command-and-control servers to listen for commands and get additional payloads.
Microsoft Defender Antivirus detects this threat. It raises an alert when it detects the threat on your device, but it doesn't automatically remediate it in order to not affect legitimate services. If this threat is detected on your environment, we recommend that you immediately investigate and manually remediate it.
NOTE: Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. Microsoft previously used ‘Solorigate’ as the primary designation for the actor, but moving forward, we want to place appropriate focus on the actors behind the sophisticated attacks, rather than one of the examples of malware used by the actors. Microsoft Threat Intelligence Center (MSTIC) has named the actor behind the attack against SolarWinds, the SUNBURST backdoor, TEARDROP malware, and related components as NOBELIUM. As we release new content and analysis, we will use NOBELIUM to refer to the actor and the attack campaigns.
Read our latest reports:
To help reduce the impact of this threat, you can:
Microsoft Defender Antivirus detects this threat. It raises an alert when it detects the threat on your device, but it doesn't automatically remediate it in order to not affect legitimate services. If this threat is detected on your environment, we recommend that you immediately investigate and manually remediate it.
You can also visit our advanced troubleshooting page or search the virus and malware community for more help.
