CISA discovers token abuse around SolarWinds hack, calls for full rebuild of affected networks

SC StaffJanuary 8, 2021
CISA noted evidence of initial access vectors beyond SolarWinds’ Orion platform, and abuse of SAML authentication tokens that mirror behaviors of the actor behind the compromise. ("Peter @ Solarwinds office" by ecooper99 is licensed under CC BY 2.0)