Microsoft security researchers have continued to investigate Solorigate which caused supply chain compromise and the subsequent compromise of cloud assets and have said that the ultimate ambition of the compromise was to pivot to the victims’ cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks.
The Solorigate attack features a sophisticated technique involving a software supply chain compromise that allowed attackers to introduce malicious code into signed binaries on the SolarWinds Orion Platform, a popular IT management software.
The compromised application grants attackers “free” and easy deployment across a wide range of organizations who use and regularly update the application, with little risk of detection because the signed application and binaries are common and are considered trusted.
Microsoft mentioned that the target has clearly set on Cloud now.
‘With this initial widespread foothold, the attackers can then pick and choose the specific organizations they want to continue operating within (while others remain an option at any point as long as the backdoor is installed and undetected’
Based on the investigations, the next stages of the attack involves on-premises activity with the goal of off-premises access to cloud resources
Many tests, detection and remediation steps are also proposed specially for Endpoint, detecting hands on keyboard activity within on premise environment and cloud enviiroment, Identifying unusual addition of credentials to an OAuth app, Discovering malicious access to mail items, detecting and blocking backdoor activities, etc and thereby shared mitigation measures against unauthorized cloud access making it difficult for threat actors to gain access.
Much clear visibility about the attack chains and related threat intelligence is analysed as early as possible so organizations can identify and take action to stop this attack, understand the potential scope of its impact, and begin the recovery process from this active threat.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…