SolarWinds hackers have a clever way to bypass multi factor authentication

Hackers who hit SolarWinds compromised a think tank three separate times.

Read the whole story

 

[pizuz]

Didn‘t the breach happen by uploading malicious code to their update server using FTP credentials (PW *****123) exposed on their very own public GitHub repo?

https://savebreach.com/solarwinds-crede ... ye-breach/

 

[pizuz]

Who else is thinking these initial compromises were carried out with the help of an person inside?

Me. As I posted earlier, they themselves compromised part of their own infrastructure by accidentally exposing their update server credentials on GitHub. Getting the malware actually signed is an entire different story, of course.