SolarWinds Hackers Return with New Bag of Tricks

Share post:

According to a recent report by Mandiant, two hacker groups associated with the SolarWinds hack (UNC3004 and UNC2652) have continued to decide on ways to better compromise a large number of targets.

These tactics include the use of login credentials stolen by finally motivated hackers who can compromise UNC3004 and UNC2652 targets without using a hacked service provider.

Once they gain access to a company’s network, they compromise corporate filters with “application impersonation privileges.” Once this account is hacked, the hackers no longer need to break into each account individually. In addition, the attackers misuse legitimate private proxy services or localized cloud providers such as Azure to connect to end targets.

Attackers also use clever methods to bypass security constraints, one of which involves extracting virtual machines to determine internal routing configurations of the network configurations of the networks they wish to hack.

For more information read the original story in Arstechnica.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways