More SolarWinds News (Security News, February 2021)
We have published our in-depth analysis of the Solorigate backdoor malware, the compromised DLL that was deployed on networks as part of SolarWinds products and that allowed attackers to gain backdoor access to affected devices.
One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader.
To uncover these cases, we used the powerful, cross-domain optics of Microsoft 365 Defender to gain visibility across the entire attack chain in one complete and consolidated view.
Many of the attacks gained initial footholds by password spraying to compromise individual email accounts at targeted organizations.
Once the attackers had that initial foothold, they used a variety of complex privilege escalation and authentication attacks to exploit flaws in Microsoft's cloud services.
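Password spraying, the initial-access method the excerpt above describes, tries one or a few common passwords against many accounts, so a per-account lockout threshold rarely fires; the detectable signal is one source failing against many distinct accounts in a short window, followed by a success from that same source. The following is an added example of that detection logic, written for this page and not taken from the linked article, Microsoft or any vendor tool; the log format, field names, window and threshold are assumptions, and the log lines are constructed sample data.

```python
"""Added example (not from the linked article): a minimal password-spray
detector over constructed sign-in log lines. It flags a source address that
fails against many *distinct* accounts inside a sliding window and reports
any accounts that then logged in successfully from that source, which are
the accounts to investigate first. Format, window and threshold are
assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <source_ip> <user> <result>"
SAMPLE_LOG = """\
2021-02-10T08:00:01 203.0.113.7 alice FAIL
2021-02-10T08:00:03 203.0.113.7 bob FAIL
2021-02-10T08:00:05 203.0.113.7 carol FAIL
2021-02-10T08:00:07 203.0.113.7 dave FAIL
2021-02-10T08:00:09 203.0.113.7 erin FAIL
2021-02-10T08:00:11 203.0.113.7 frank SUCCESS
2021-02-10T08:01:00 198.51.100.4 alice FAIL
2021-02-10T08:01:05 198.51.100.4 alice FAIL
2021-02-10T08:01:10 198.51.100.4 alice FAIL
2021-02-10T09:30:00 192.0.2.9 grace FAIL
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Return {source_ip: {"sprayed_accounts": [...], "successful_logins": [...]}}
    for every source that failed against at least `min_accounts` distinct
    accounts within any `window`-long span of its failure events.

    A single account hammered from one source (198.51.100.4 in the sample) is
    brute force, not spraying, and is deliberately not flagged here: it has
    many failures but only one distinct account."""
    failures = defaultdict(list)   # ip -> [(timestamp, user)] for FAIL events
    successes = defaultdict(set)   # ip -> {user} for SUCCESS events
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = parse_line(line)
        if result == "FAIL":
            failures[ip].append((ts, user))
        elif result == "SUCCESS":
            successes[ip].add(user)

    hits = {}
    for ip, events in failures.items():
        events.sort()  # sliding window needs chronological order
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {user for _, user in events[start:end + 1]}
            if len(distinct) >= min_accounts:
                hits[ip] = {
                    "sprayed_accounts": sorted(distinct),
                    "successful_logins": sorted(successes[ip]),
                }
                break  # one hit per source is enough to raise an alert
    return hits


if __name__ == "__main__":
    for ip, detail in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {ip}: {detail}")
```

The threshold and window are the tuning knobs: in a real tenant the distinct-account count that separates spraying from normal shared-NAT traffic has to be set against a baseline of the organisation's own sign-in data, and the successful-login list from a flagged source is the part worth routing to incident response rather than the raw failure count.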
Another of the Advanced Persistent Threat's targets, security firm CrowdStrike, said the attacker tried unsuccessfully to read its email by leveraging a compromised account of a Microsoft reseller the firm had worked with.
News URL: https://www.schneier.com/blog/archives/2021/02/more-solarwinds-news.html