"SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics"

The cybersecurity firm Malwarebytes has revealed that it was also targeted by the same nation-state hackers who infected SolarWinds' Orion network management software, an attack that impacted US government agencies and corporations, including Microsoft and FireEye. The SolarWinds cyberattack further highlights how attackers are shifting their focus toward cloud-based services in order to compromise credentials and access organizations' most sensitive information. Symantec released details about a fourth malware tool, called Raindrop, which was used in the SolarWinds attack campaign to move laterally within a network and deploy a malicious Cobalt Strike payload on other computers. FireEye Mandiant's incident response experts published a white paper explaining the methods that the SolarWinds attackers and other threat groups use to move from organizations' on-premises networks to cloud services such as Microsoft 365. Mandiant also released a free script-based tool on GitHub to help detect signs that these attack techniques have been used. According to Mandiant, attackers have moved laterally from the victim's network to Microsoft 365 cloud-based accounts using a mix of four different approaches. This article continues to discuss the targeting of Malwarebytes by the SolarWinds hackers, the Raindrop malware tool used in the attack campaign, and the tool released by FireEye Mandiant to help detect signs of the SolarWinds attack.

Dark Reading reports "SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics"

 

Submitted by Anonymous on