Mandiant: Suspected Russian group blamed for SolarWinds compromise continues to innovate. Group practices “top-notch operational security and advanced tradecraft,” report says. U.S. government has connected group to Russia’s foreign intelligence services. Mandiant says it has been seeing clusters of activity likely related to UNC2452 that is targeting cloud solution providers and managed service providers. The attackers are using credentials likely obtained from an information-stealer malware campaign to gain initial access to organizations.”]
Source: https://www.cuinfosecurity.com/mandiant-solarwinds-attackers-continue-to-innovate-a-18065