SolarWinds Hackers Return with New Bag of Tricks

December 7, 2021

According to a recent report by Mandiant, two hacker groups associated with the SolarWinds hack (UNC3004 and UNC2652) have continued to decide on ways to better compromise a large number of targets.

These tactics include the use of login credentials stolen by finally motivated hackers who can compromise UNC3004 and UNC2652 targets without using a hacked service provider.

Once they gain access to a company’s network, they compromise corporate filters with “application impersonation privileges.” Once this account is hacked, the hackers no longer need to break into each account individually. In addition, the attackers misuse legitimate private proxy services or localized cloud providers such as Azure to connect to end targets.

Attackers also use clever methods to bypass security constraints, one of which involves extracting virtual machines to determine internal routing configurations of the network configurations of the networks they wish to hack.

For more information read the original story in Arstechnica.

SolarWinds Hackers Return with New Bag of Tricks

Top Stories

Oracle begins mass layoffs to fund $156 billion AI infrastructure push

OpenAI brings in Smartly to shape how ads work inside ChatGPT

Quantum breakthrough researchers cut required qubits from millions to thousands

Anthropic coding tool exposes full source code again after packaging error

Cisco breach exposes 300+ repos after supply chain attack

OpenAI cuts Sora with $1M-a-day costs to free up resources for core AI models

Related Articles

Anthropic coding tool exposes full source code again after packaging error

Cisco breach exposes 300+ repos after supply chain attack

New Google update targets sensitive data exposure in search results

GitHub Copilot to train on user data by default

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered