Skip to main content

SolarWinds hackers also used brute force password techniques to breach victims

(Image credit: Shutterstock / carlos castilla)

While the majority of victims of the SolarWinds supply chain attack were breached through the compromised Orion update, some had their perimeters breached via brute force password techniques.

According to a recently updated advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), the SolarWinds attackers didn't always rely on the poisoned Orion update as the initial access vector.

"CISA incident response investigations have identified that initial access in some cases was obtained by password guessing [T1101.001], password spraying [T1101.003], and inappropriately secured administrative credentials [T1078] accessible via external remote access services [T1133]," the agency said.

Once inside, the attackers escalated access to gain admin rights and then created authentication tokens that would allow them to move through the network without the need to solve 2FA or provide extra credentials.

The attackers used compromised Office 365 credentials to access SolarWinds' network. Once inside, they planted malicious code into an upcoming patch for its Orion software, which was downloaded 18,000 times (opens in new tab), triggering a secondary payload.

The supply chain data breach, which was first spotted by cybersecurity experts at FireEye, was described as one of the most devastating attacks of 2020, mostly because a number of US government organizations (opens in new tab) were compromised, as well.

The goal of the campaign seems to be espionage and data harvesting.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.