Microsoft Releases New Info on SolarWinds Attack Chain Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says. More than one month after the SolarWinds breach that impacted numerous organizations was first uncovered, new details of the sophisticated operation continue to trickle out. The latest information comes from Microsoft, which this week released details of its analysis of the tactics used by the threat actors to activate a second-stage payload for downloading the Cobalt Strike attack kit on infected systems. Related Content: According to Microsoft, that particular aspect of the attack chain has been unclear up until now and is significant because it reveals the extent to which the attackers went to ensure operational security.