In the MITRE ATT&CK Framework, which classifies and creates chains of events for certain kinds of hacker behavior, Initial Access is one of the first tactics used in an attack. It’s sort of self-explanatory—it describes how the attacker first got into a system. I’m just learning about these concepts, so I wanted to start from the beginning. I’m interested in a few techniques, and I’ll go over them in my next few posts. ...
On March 26, 2020, a hacker group identified by Microsoft as Nobelium launched what is widely considered the biggest supply chain hack of the 21st century. Known as the SolarWinds Hack, this event wasn’t significant because it affected a single company—it was significant because it compromised software used by thousands of organizations, including 6 U.S. federal agencies. The attackers accessed sensitive internal communications, email systems, and identity systems, potentially for months without detection. ...
Once a hacker has gained access to a system through their path of choice, the next usual step is to try and gain access to other—usually more high-profile machines on the network. This process is known as lateral movement, and it can be done in a variety of ways. To be more specific about why hackers do this, let’s talk about the advantages of gaining access to other machines. Why? Gain access to more privileged accounts Reach valuable data (like on a file server) Spread persistence across the network (creating re-entry points or backdoors) Having skill in lateral movement is arguably one of the most important things for a hacker. It’s their ability to move through the environment once they get in, and it must be done with precision and stealth. It’s also where many attackers get caught, since they can leave plenty of breadcrumbs along the way. ...