SolarWinds Hackers Return with New Bag of Tricks

December 7, 2021

According to a recent report by Mandiant, two hacker groups associated with the SolarWinds hack (UNC3004 and UNC2652) have continued to decide on ways to better compromise a large number of targets.

These tactics include the use of login credentials stolen by finally motivated hackers who can compromise UNC3004 and UNC2652 targets without using a hacked service provider.

Once they gain access to a company’s network, they compromise corporate filters with “application impersonation privileges.” Once this account is hacked, the hackers no longer need to break into each account individually. In addition, the attackers misuse legitimate private proxy services or localized cloud providers such as Azure to connect to end targets.

Attackers also use clever methods to bypass security constraints, one of which involves extracting virtual machines to determine internal routing configurations of the network configurations of the networks they wish to hack.

For more information read the original story in Arstechnica.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn