Security News > 2020 > December > Microsoft: SolarWinds hackers' goal was the victims' cloud data
Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks.
As the Microsoft 365 Defender Team explains, after infiltrating a target's network with the help of the Sunburst backdoor, the attackers' goal is to gain access to the victims' cloud assets.
Microsoft's previous articles on the SolarWinds supply chain attack and National Security Agency guidance also hinted at the fact that the attackers' ultimate goal was to generate SAML tokens to forge authentication tokens allowing access to cloud resources.
Using attacker-created SAML tokens to access cloud resources and perform actions leading to the exfiltration of emails and persistence in the cloud.
In its guidance highlighting SolarWinds hackers' TTPs for pivoting to cloud resources, the NSA also shared mitigation measures against unauthorized cloud access which require making it difficult for threat actors to gain access to on-premise identity and federation services.
News URL
Related news
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft lost some customers’ cloud security logs (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)