Hackers behind the SolarWinds breach used password guessing
The US Cybersecurity and Infrastructure Security Agency (CISA) has stated that the hackers behind the SolarWinds attack has used password guessing and password spraying to breach targets, so they didn't have to rely only on trojanized Orion updates. After gaining the access to internal networks or cloud infrastructure hackers got administrator rights and started forging authentication tokens (OAuth). Forging the tokens allowed the threat actors to access other resources inside the network without having to provide the valid credentials or dealing with multi-factor authentication. Read more...