Microsoft says it has discovered another piece of malware used by the alleged Russia-based hacking group responsible for the SolarWinds Orion compromise. The malware creates a post-exploitation backdoor and is used to maintain persistence in a victim’s environment. In a blog post, the Microsoft Threat Intelligence Center called this malware FoggyWeb and says it is used […]
Eight months after the Russia-led highly sophisticated hacking campaign leveraging the SolarWinds Orion platform, the company has released its annual IT Trends Report, this one highlighting how IT professionals perceive their organization’s cyber risk management and mitigation after a tumultuous year. The report touches on everything from external threats, internal threats, remote work policies and […]
SolarWinds says it was notified of an actively exploited vulnerability in its Serv-U Managed File Transfer Server and Serv-U Secured FTP.
The hackers behind the compromise of SolarWinds’ software gained access to a Microsoft support agent’s tools to target IT companies, Microsoft says.
The same threat group behind the compromise of SolarWinds’ IT management software is now leveraging legitimate marketing email software and has compromised the account of USAID to send emails with malicious links to gain access to victim IT environments across a range of industry verticals, according to Microsoft. The Redmond IT giant published a series […]
Until this week, the cybersecurity community thought that the nation-state actors behind the SolarWinds Orion compromise began their work in the fall of 2019 before malicious code was snuck into a spring update of the popular IT management software. How the attackers conducted those operations with a great deal of sophistication without being detected was […]
SolarWinds, a trusted provider of IT management software that was rather unknown outside of IT circles, became a household name after it disclosed in December that advanced threat actors compromised certain versions of its Orion platform and carried out attacks against the U.S. government and other private sector technology companies. The company, along with other […]
The U.S. Cybersecurity and Infrastructure Security Agency has released a new tool designed to help IT and security professionals detect indicators of compromise associated with the SolarWinds and Active Directory/Microsoft 365 Compromise. The tool, CISA Hunt and Incident Response Program (CHIRP), scans for signs of compromise from an advanced persistent threat actor within an on-premises environment. […]
This winter has been a nightmare for cybersecurity and IT teams everywhere, most recently because of exploits of vulnerabilities in certain on-premises versions of Microsoft Exchange Server. According to experts and news reports, these attacks started sometime in early January and targeted a wide range of victims, including government, health care, law firms, […]
Microsoft and FireEye are disclosing new details about the hackers behind the massive compromise of the SolarWinds Orion platform, including three new pieces of malware being used in late-stage activity by the group, which Microsoft is calling NOBELIUM. According to both tech companies, the earliest known use of a newly discovered backdoor was in August […]