Wind, a spacecraft that has spent twenty years collecting (unrelated) solar wind data. “/>When security firm Malwarebytes announced last week that it had been attacked by the same attacker who compromised SolarWinds Orion software, they pointed out that the attack did not use SolarWinds itself. According to Malwarebytes, the attacker had used “another intrusion vector” to gain access to a limited subset of corporate emails.
Brandon Wales, acting director of the U.S. Cyber Security and Infrastructure Agency (CISA), said nearly a third of the organizations attacked had no direct connection to SolarWinds.
[The attackers] he had access to his targets in various ways. This opponent has been creative… it is absolutely correct that this campaign should not be viewed as the SolarWinds campaign.
Most of the attacks were initially rooted in the pulverization of passwords compromising individual email accounts in specific organizations. Once the attackers gained a foothold in the first place, they used a variety of complex authentication and elevation of privilege attacks to exploit loopholes in Microsoft’s cloud services. Another Advanced Persistent Threat (APT) target, security firm CrowdStrike, said the attacker unsuccessfully attempted to read his email taking advantage of a compromised account of a Microsoft reseller the company had worked with. .
According to the Wall Street Journal, SolarWinds is currently investigating the possibility that these Microsoft flaws were the first vector of APT in its own organization. In December, Microsoft said the APT in question had accessed its own corporate network and viewed the internal source code, but found “no evidence that our systems were being used to attack other people.” By that time, Microsoft had identified more than 40 attacks against its customers, a number that has since increased.
Related Downloads:
Vasu Jakkal, vice president of security, compliance and identity at Microsoft, told ZDNet that the “SolarWinds” campaign is not an isolated emergency but a new normal, saying, “These attacks will continue to grow. ‘be more sophisticated. So we should expect that. It is neither the first nor the last. It is not an outlier. This will be the norm.