CISA: SolarWinds Hackers Got Into Networks by Guessing Passwords Dr_Flash/Shutterstock.com email January 7, 2021 The agency also highlighted new indicators of compromise and recommendations for mitigating follow on activity involving Microsoft Cloud users. Perpetrators of a widespread, intelligence-gathering campaign used common hacker techniques to get through passwords in addition to more sophisticated methods, according to an update to the Cybersecurity and Infrastructure Security Agency’s alert. “CISA incident response investigations have identified that initial access in some cases was obtained by password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services,” reads the activity alert updated Wednesday.