IT companies bear brunt of new SolarWinds hacker attacks
IT companies comprised 57 per cent of total targets in the latest spate of activity.
IT companies have made up the majority of organisations targeted amid new activity by the group behind last year’s SolarWinds supply-chain attack, with at least one victim coming from Microsoft’s customer support ranks.
On 25 June, the Microsoft Threat Intelligence Centre said it was tracking new activity from the Nobelium threat actor – as Microsoft has dubbed the group – with the vendor observing password spray and brute-force attacks, among other potential methods and tactics.
01/19/2021
Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent Solorigate advanced persistent threat (APT) attacks.
Malwarebytes has inside knowledge to that effect because it, too, was a victim of this APT group, which is alleged to be a nation-state actor, with Russia having been named. Malwarebytes doesn't use the SolarWinds Orion management software, which was corrupted by a supply-chain attack in which malicious code was inserted at the build stage; the resulting backdoor is referred to as Sunburst or Solorigate.
Instead, Malwarebytes was first notified it had a possible issue when it was contacted by the Microsoft Security Response Center about the suspicious activity of an application used with the Microsoft 365 service.
Malwarebytes hacked by SolarWinds attackers
Becomes latest vendor implicated in the state attack.
Anti-malware software vendor Malwarebytes has become the latest technology company swept up in last year's attack on SolarWinds.
The US-based vendor admitted it has received notices of suspicious third-party activity from the Microsoft Security Response Centre on December 15.
According to Malwarebytes, these reflected tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks, reportedly a hacking group linked to the Russian government.
Malwarebytes has confirmed that the SolarWinds attackers managed to access internal emails, although via a different intrusion vector to many victims.
While many of the organizations caught up in the suspected Russian cyber-espionage campaign were compromised via a malicious SolarWinds Orion update, US government agency CISA had previously pointed to a second threat vector. This involved use of password guessing or spraying and/or exploiting inappropriately secured admin or service credentials.
The security vendor said attackers abused applications with privileged access to Microsoft Office 365 and Azure environments.
“We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks,” the vendor explained.
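The second intrusion vector described above, password spraying, leaves a characteristic shape in sign-in logs: one source address fails against many distinct accounts with only one or two attempts each, and any later success from that address is the event to chase. The following detector, added here as an illustration and not code from Malwarebytes, Microsoft or the original article, runs that heuristic over a constructed sample of Azure AD-style sign-in events (the log format, hostnames and addresses are assumptions).

```python
"""Password-spray detection over sign-in events.

Constructed sample and assumed log format; not real Malwarebytes or Microsoft data.
Heuristic: a source IP whose failures inside a short window hit many distinct
accounts with few attempts per account is spraying, not brute-forcing one user.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<timestamp> <user> <source-ip> <result>" per line.
SAMPLE_LOG = """\
2020-12-15T08:00:01Z alice@example.com 203.0.113.7 FAILURE
2020-12-15T08:00:04Z bob@example.com 203.0.113.7 FAILURE
2020-12-15T08:00:07Z carol@example.com 203.0.113.7 FAILURE
2020-12-15T08:00:10Z dave@example.com 203.0.113.7 FAILURE
2020-12-15T08:00:13Z erin@example.com 203.0.113.7 FAILURE
2020-12-15T08:00:16Z frank@example.com 203.0.113.7 SUCCESS
2020-12-15T08:01:00Z alice@example.com 198.51.100.9 FAILURE
2020-12-15T08:01:05Z alice@example.com 198.51.100.9 FAILURE
2020-12-15T08:01:09Z alice@example.com 198.51.100.9 SUCCESS
"""


def parse_events(text):
    """Parse the constructed log into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {ip: sorted targeted accounts} for IPs whose failures within `window`
    touch >= min_accounts distinct accounts with <= max_per_account tries each."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        if result == "FAILURE":
            by_ip[ip].append((ts, user))
    findings = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):          # sliding window over sorted failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in fails[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                findings[ip] = sorted(counts)
    return findings


def post_spray_successes(events, findings):
    """Successful sign-ins from a spraying IP: the follow-up that matters most."""
    return [(user, ip) for _, user, ip, result in events
            if result == "SUCCESS" and ip in findings]
```

The single-account failures from 198.51.100.9 are deliberately not flagged: a spray detector keys on breadth across accounts, which is what distinguishes it from an ordinary lockout-style brute force.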
Malwarebytes says SolarWinds hackers accessed its internal emails
Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack was able to gain access to some company emails. “While Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor,” Malwarebytes CEO and co-founder Marcin Kleczynski said. “We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails.”