![]() ![]() ![]() “A newly released CISA report reveals how threat actors may have obtained initial access by password guessing or password spraying in addition to exploiting administrative or service credentials,” according to Malwarebytes. After that, the company and Microsoft kicked off an “extensive” investigation. The activity was visible in the application’s API calls. The Microsoft Security Response Center flagged suspicious activity from a third-party email-security application used with Malwarebytes’ Microsoft Office 365 hosted service on Dec. This is far more than SolarWinds.” Suspicious Microsoft 365 API Calls “It encompasses multiple companies used as backdoors to other companies, numerous tools and novel attack methods. “What started out as the SolarWinds attack is slowly turning out to be perhaps the most sophisticated and wide-reaching cyber-campaign we have ever seen,” Ami Luttwak, CTO and co-founder of Wiz, said via email. Instead of using the SolarWinds Orion network-management system, the advanced persistent threat (APT) abused “applications with privileged access to Microsoft Office 365 and Azure environments,” the security firm said - specifically, an email-protection application. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” it disclosed in a Tuesday web posting. Malwarebytes is the latest discovered victim of the SolarWinds hackers, the security company said – except that it wasn’t targeted through the SolarWinds platform. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |