
The hackers get a bit of payback in aftermath of SolarWinds and Active Directory/M365 Compromise

Let’s update quickly on the SolarWinds and Active Directory/M365 Compromise. The new name is courtesy of CISA, who have also released a tool to detect signs of compromise within Microsoft 365 and Azure environments.

Congress has given Commerce, Energy, HHS, and the EPA 10 days to answer key questions about the attacks on their networks.

And in a feel-good turnaround story, a Swiss cybersecurity firm claims to have accessed servers used by one of the hacking groups involved in the breach. They indicate that the hackers have continued their campaign through this month. Quoting Bloomberg: “PRODAFT researchers said they were able to break into the hackers’ computer infrastructure and review evidence of a massive campaign between August and March. PRODAFT said the hackers were an ‘extremely well-organized cyber-espionage group,’ with four teams named 301, 302, 303 and 304 responsible for breaching their victims’ computers. The hackers placed emphasis on targeting governments and large corporations, such as Fortune 500 enterprise companies, according to the report.”

Why do we care?

Feels good to see them get breached back. Small victories – and likely more informative over time. While not something to care about instantly, this is more investigative progress. We’ll continue to learn here.

Today’s reason to care is the more accurate name. We’ve already noted that the incident is larger than just SolarWinds, so giving it a name that reflects the Active Directory and M365 scope matters.

Just speculating… will we move to naming like hurricanes? That could be telling.

Source: Twitter

Source: Bleeping Computer

Source: Federal News Network

Source: Bloomberg