Internet‑exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ networks, Microsoft and Huntress researchers have warned. Once inside, the attackers are deploying legitimate remote access and digital forensics and incident response tools, using living-off-the-land techniques, setting up a reverse SSH shell, and stealing sensitive data. Attack details The initial access vector is known: SolarWinds WHD vulnerabilities. What’s unknown is which … More
The post Unpatched SolarWinds WHD instances under active attack appeared first on Help Net Security.
