Tag: SolarWinds

Nobelium detection
NOBELIUM APT Attacks Global IT Supply Chain to Spy on Downstream Customers

Infamous Nobelium APT group strikes again! This time covert Russia-backed threat actor goes after technology service providers at a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service orgs since May 2021, with 14 of them being successfully compromised. NOBELIUM APT Group NOBELIUM APT group (APT29, CozyBear, and […]

Read More
SolarWinds Serv-U Zero-Day (CVE-2021-35211) Detection

A  critical zero-day bug (CVE-2021-35211), existing in SolarWinds Serv-U Managed File Transfer Server and Serv-U Secured FTP products, has been repeatedly exploited in the wild by a China-baked hacker collective, Microsoft reveals. The flaw provides threat actors with the ability to execute arbitrary code remotely and reach the full system compromise. CVE-2021-35211 Description According to […]

Read More
Dark Halo APT Stands Behind SolarWinds Hack, Malwarebytes Breach

A new sophisticated APT group, dubbed Dark Halo (UNC2452, SolarStrom), has recently emerged in the cyber-security arena, gathering top press headlines during the last months. Researchers believe this advanced actor might stand behind the historical SolarWinds hack as well as the attack against Malwarebytes security vendor. Who is Dark Halo? Security experts from Volexity estimate […]

Read More
New Raindrop Malware Connected to SolarWinds Breach

The in-depth inspection of the SolarWinds breach revealed the fourth piece of malicious software connected to this historical incident. According to the infosec experts, the new threat, dubbed Raindrop, is a Cobalt Strike downloader. It was applied in the post-compromise phase of attack to enhance lateral movement across a selected number of targeted networks. Raindrop […]

Read More
Golden SAML Attack Method Used by APT Group Behind SolarWinds Hack

Adversaries apply a malicious Golden SAML method to expand a scale of compromise related to the SolarWinds hack. Although security researchers initially considered that the SolarWinds Orion software was a single access vector, further investigation reveals that the Golden SAML technique allows achieving persistence on any instance within a targeted cloud environment that maintains SAML […]

Read More