FireEye Mandiant has recently announced the release of an open-source tool designed to check Microsoft 365 users for signs of the techniques linked with UNC2452, the name assigned to the threat group which attacked SolarWinds.
The SolarWinds supply chain cyber-attack affected several users, who therefore need to check their systems for signs of intrusion associated with the attack.
UNC2452 has utilized many sophisticated techniques to move laterally from on-premises networks into Microsoft cloud systems. The company noted that the threat actors used a combination of crucial techniques. These include the theft of AD FS token-signing certificates, the creation of Azure AD backdoors, etc.