SolarWinds: Domain Seized and Used as Kill Switch
Microsoft and a group of other tech companies have seized and sinkholed a malicious domain that was being used as a command-and-control server to communicate with networks infected through the SolarWinds supply chain attack. The domain has been reconfigured so that, in some cases, it acts as a kill switch that prevents the SUNBURST malware, which was distributed through the compromised SolarWinds software update system, from operating.
While this shuts down the C&C server, making it more difficult to leverage the existing SUNBURST malware distributions, the malware is still in place and still needs to be contained and eradicated. Also look for indicators of malicious activity such as credential changes and anomalous network traffic.
Read more in:
KrebsOnSecurity: Malicious Domain in SolarWinds Hack Turned into 'Killswitch'
Bleeping Computer: FireEye, Microsoft create kill switch for SolarWinds backdoor