TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise

Original release date: March 17, 2021

CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations. This information will assist network defenders in detecting and responding to this activity.

CISA encourages network defenders to review SolarWinds and AD/M365 Compromise: Detecting APT Activity from Known TTPs and implement the recommendations. CISA also recommends network defenders review the following resources regarding this incident:

Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise web page
CISA Emergency Directive 21-01 – Supplemental Guidance v.1
CISA Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise
CISA Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

This product is provided subject to this Notification and this Privacy & Use policy.

Source link

admin

Next Cisco Releases Security Updates »

Previous « Adobe Releases Security Updates

This website uses cookies.

TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise

Recent Posts

CISA Releases Six Industrial Control Systems Advisories

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Joint Advisory Issued on Protecting Against Interlock Ransomware

CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog

Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)

CISA Adds One Known Exploited Vulnerability to Catalog