Semperis Researchers Discover a New Malicious Variant of the Attack Technique used in the 2020 SolarWinds Breach
HOBOKEN, N.J., Feb. 29, 2024 /PRNewswire-PRWeb/ -- Semperis, a pioneer in identity-driven cyber resilience, today announced that its security research team has discovered a new variant of the notorious Golden SAML attack technique and dubbed it Silver SAML. Using Silver SAML, threat actors could exploit SAML to launch attacks from an identity provider like Entra ID against applications configured to use the protocol for authentication, such as Salesforce.
- Golden SAML was used post-breach in the 2020 SolarWinds cyberattack to move laterally within the company's network.
- Threat group Nobelium, aka Midnight Blizzard/Cozy Bear, deployed malicious code into SolarWinds' Orion IT management software, infecting thousands of organizations, including the U.S. Government.
- To safeguard effectively against Silver SAML attacks in Entra ID, organizations should use only Entra ID self-signed certificates for SAML signing purposes.
- Semperis researchers rate the Silver SAML vulnerability as a MODERATE risk to organizations.