SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

Adversaries that successfully execute the attack can achieve persistent anytime, anywhere access to a victim network, security researchers say.

The recently disclosed compromise at SolarWinds and the subsequent targeting of numerous other organizations have focused attention on a dangerous Active Directory Federation Services (ADFS) bypass technique dubbed "Golden SAML," which cybersecurity vendor CyberArk first warned about in 2017.

The attack gives threat actors a way to maintain persistent access to all of an enterprise's ADFS federated services. This includes hosted email services, file storage services such as SharePoint, and hosted business intelligence apps, time-card systems, and travel systems, according to a blog post from Israel-based Sygnia.

The attention that the SolarWinds campaign has drawn to the attack technique significantly raises the likelihood of adversaries leveraging it in future attacks, Sygnia said. "It is therefore highly advised that organizations move swiftly in taking the necessary steps to protect their [single sign-on] infrastructure and establish effective monitoring to detect and respond to such attacks."