Specifically, security flaws in Microsoft and VMWare products allowed the attackers to access emails and other cloud-based documents stored in Office 365, which in turn enabled them to utilize federated authentication and single sign-on setups to breach more systems.
The bad actors conducted what’s been called a “supply chain” attack, in which exploits in one system enable attackers to infiltrate other downstream systems.
According to the stories, state-backed cybercriminals exploited security flaws in at least three software vendors, including SolarWinds, Microsoft Azure, and VMware, to access private information in the target systems, and even to embed malware in product updates downloaded over the Internet. In early December, Reuters broke the story of a massive and sophisticated breach of federal government computer systems that started in March 2020. It is also impacting an untold number of IBM i shops, which use SolarWinds software in not-insignificant numbers. The recently disclosed hack of the SolarWinds log management software enabled bad actors to gain access to the protected networks of numerous government agencies and private companies. SolarWinds Hack Raises Concern for IBM i Shops
0 kommentar(er)
