The SolarWinds Hackers Used Tactics Other Groups Will Copy

One of the most chilling aspects of Russia's recent hacking spree, which breached numerous United States government agencies among other targets, was the successful use of a "supply chain attack" to gain tens of thousands of potential targets from a single compromise at the IT services firm SolarWinds. But this wasn't the only striking feature of the assault. Once they had initial access through SolarWinds, the attackers employed simple and elegant strategies to bore deeper into their chosen targets. Now researchers are bracing for a surge in those techniques from other attackers.


The SolarWinds hackers used their access in many cases to infiltrate their victims' Microsoft 365 email services and Microsoft Azure cloud infrastructure, both treasure troves of potentially sensitive and valuable data. The challenge of preventing these types of intrusions into Microsoft 365 and Azure is that they don't depend on specific vulnerabilities that can simply be patched. Instead, the hackers use an initial attack that positions them to manipulate Microsoft 365 and Azure in ways that appear legitimate, because the actions are carried out through accounts and privileges the platform already trusts. In this case, they did so to great effect.


"Now there are other actors that will obviously adopt these techniques, because they go after what works," says Matthew McWhirt, a director at Mandiant FireEye, which first identified the Russian campaign at the beginning of December.

"I'm sure that other attackers will note this and use it more and more from now on," says Shaked Reiner of CyberArk.

In the recent barrage, hackers compromised a SolarWinds product, Orion, and distributed tainted updates that gave the attackers a foothold on the net ..