U.S. Cybersecurity and Infrastructure Agency: About 30% of victims didn’t use SolarWinds Orion software. CISA: Hackers gained access to targets using password spraying and exploits of vulnerabilities found in cloud software. Malwarebytes was among the companies targeted by the hackers, despite not using its own software. Security experts have suggested 300 organizations may have been hit with advanced attacks with these more advanced exfiltration, which could have led to data-filtration and eavesdropping attacks against business partners.”]
Source: https://www.cuinfosecurity.com/solarwinds-hackers-cast-wide-net-a-15905