SolarWinds Hackers Return with New Bag of Tricks

Share post:

According to a recent report by Mandiant, two hacker groups associated with the SolarWinds hack (UNC3004 and UNC2652) have continued to decide on ways to better compromise a large number of targets.

These tactics include the use of login credentials stolen by finally motivated hackers who can compromise UNC3004 and UNC2652 targets without using a hacked service provider.

Once they gain access to a company’s network, they compromise corporate filters with “application impersonation privileges.” Once this account is hacked, the hackers no longer need to break into each account individually. In addition, the attackers misuse legitimate private proxy services or localized cloud providers such as Azure to connect to end targets.

Attackers also use clever methods to bypass security constraints, one of which involves extracting virtual machines to determine internal routing configurations of the network configurations of the networks they wish to hack.

For more information read the original story in Arstechnica.


Related articles

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

What is Ticketmaster saying to its customers?

Here's the letter that has been sent out out to Ticketmaster clients that a reader sent to me....

Cyber Security Today, July 8, 2024 – New ransomware group discovered, and summer podcast break starts

A new ransomware group is discovered. Welcome to Cyber Security Today. It's Monday July 8th, 2024. I'm Howard Solomon,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways