1 of 6
Image Credit: doe.gov
Anxiety over the recent SolarWinds and US government cyberattack went up a notch Thursday when the DHS' Cybersecurity and Infrastructure Security Agency (CISA) warned the advanced persistent group behind the incident might be using multiple tactics to gain initial access into target networks.
It was first widely thought that the likely Russia-backed threat actor was distributing malware to thousands of organizations worldwide by hiding it in legitimate updates to SolarWinds' Orion network management software. On Thursday, CISA said its analysis showed attackers may have also used another initial vector: a multi-factor authentication bypass, done by accessing the secret key from the Outlook Web App (OWA) server.
CISA pointed to an alert that Volexity issued earlier in the week, in which the security vendor noted this MFA bypass tactic was used in another attack involving the same intruder responsible for the SolarWinds campaign.
News of at least one additional attack vector, and likely more, came as organizations and the industry as a whole struggled to come to terms with what is arguably among the most significant cyber incidents in recent years. The attackers who breached SolarWinds used the company's software updates — and now, according to CISA, other methods — to install a backdoor called SUNBURST on systems belonging to gov ..
Support the originator by clicking the read the rest link below.
