CISA: SolarWinds hackers also used password guessing to breach targets

The US Cybersecurity and Infrastructure Security Agency (CISA) said today that the threat actor behind the SolarWinds hack also used password guessing and password spraying attacks to breach targets as part of its recent hacking campaign and didn’t always rely on trojanized updates as it’s initial access vector. The new developments come as CISA said last month in its initial advisory on the SolarWinds incident that it was investigating cases where the SolarWinds hackers breached targets that didn’t run the SolarWinds Orion software.

Read full article on ZDNet