Does This Mean Bad Actors Are Now Riding in 10,000 SolarWinds-Powered Digital Sailboats?
I read “Hackers Breaking into Networks without SolarWinds, CISA Says.” The write-up states that the Cybersecurity and Infrastructure Security Agency offered:
“Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified,” according to updated guidance published Jan 6. “CISA is continuing to work to confirm initial access vectors and identify any changes to the tactics, techniques, and procedures (TTPs).”