Items tagged with solarwinds

Yesterday, Microsoft reported that it had detected a 0-day remote code execution exploit being used in the wild against SolarWinds’ Serv-U FTP product. The vulnerability behind the exploit has since been patched, but the finding is still disconcerting. Tracked as CVE-2021-35211, the vulnerability, which Microsoft reported to SolarWinds, resided in Serv-U’s implementation of the Secure Shell (SSH) protocol, explains Microsoft’s Threat Intelligence Center (MSTIC). If Serv-U’s SSH service happened to be exposed to the internet, attackers could exploit the vulnerability to gain remote code execution with privileges, leading to malware installation or unwanted data...
Late last week, we reported that the SolarWinds hackers from last year, known as Nobelium, were back in action and targeting NGOs around the world, according to data from Microsoft. Now, the Redmond-based company is providing an update on its investigation and some context on the situation. In January, the advanced Russian hacking group Nobelium began ramping up a phishing campaign targeting "government agencies, think tanks, consultants, and non-governmental organizations." More recently, however, the group gained access to USAID's "Constant Contact" marketing account, allowing it to send authentic-looking emails carrying embedded malware to its targets. Thankfully, Microsoft's Defender...
The threat actors behind the SolarWinds attacks late last year are back online and are targeting international development, humanitarian, and human rights organizations, according to new data from Microsoft. The Russia-based hacking group, known as Nobelium, compromised an email marketing account belonging to USAID and has distributed phishing emails with attached malware to the targeted organizations. Yesterday, Microsoft reported that Nobelium began this week's attacks by breaching USAID's "Constant Contact" account, which is simply an email marketing account. Using this account, the threat actors were "able to distribute phishing emails that looked authentic but included a link that,...
The Solorigate hack, which ensnared Microsoft, is finally coming to a close for the Redmond, Washington-based company. The Microsoft Security Response Center (MSRC) team wrote a blog post explaining what it found in the now-completed investigation following the SolarWinds ordeal. It seems that while the hackers stole some files, the incident was not a big deal for Microsoft, as it only reinforced the policies the company already has in place. In December of last year, cybersecurity company FireEye discovered that hackers had breached SolarWinds Orion, an IT administration and management software package. The hack was found to date back to spring 2020, meaning any Orion customer could have been infiltrated. This...
Since December, a breach at I.T. administration and monitoring software company SolarWinds has been unfolding, revealing several serious security issues. Many companies and government organizations had data accessed and perhaps even stolen. Now, in an interview that gave an interesting insight into the situation, Microsoft's president Brad Smith called the hack the "largest and most sophisticated attack the world has ever seen." SolarWinds Orion, as CBS's 60 Minutes explains, is "one of the most ubiquitous software products you probably never heard of, but to thousands of I.T. departments worldwide, it's indispensable." The software, which simplified I.T. administration and management, touted...
The SolarWinds breach and the attacks that followed are shaping up to be the most elaborate and long-lasting attacks in some time. Microsoft has done a deep dive into the second stage of the attacks and has found that the attackers are both skilled and elusive. Overall, though, the deep dive gives us a look at what it took to make these attacks tick, and it is rather interesting. Once on a network through the Solorigate backdoor (SUNBURST), getting anything done requires additional malicious software and a level of secrecy that can be difficult to maintain. Moreover, when executing an attack, you do not want to burn the entire bridge if you are discovered on a network. Thus, the SolarWinds hackers attempted to...