2021-01-20
SolarWinds: FireEye Offers Remediation Strategies and Auditing Tool
FireEye has published a white paper, Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452, as well as a tool, Mandiant Azure AD Investigator, "for detecting artifacts that may be indicators of UNC2452 and other threat actor activity."
Editor's Note
Check the results of the FireEye tool against your current tool output to avoid blind spots.

Lee Neely
Read more in
FireEye: Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
FireEye: Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (White paper PDF)
GitHub: fireeye / Mandiant-Azure-AD-Investigator
The Register: FireEye publishes details of SolarWinds hacking techniques, gives out free tool to detect signs of intrusion
ZDNet: FireEye releases tool for auditing networks for techniques used by SolarWinds hackers
Gov Infosecurity: Free Auditing Tool Helps Detect SolarWinds Hackers' Malware