SolarWinds Web Help Desk Vulnerabilities Exploited by Malicious Actors

Vulnerable and exposed instances of SolarWinds Web Help Desk (WHD) on the Internet are currently being targeted by malicious actors seeking initial access to the networks of targeted organizations, according to warnings from Microsoft and researchers at Huntress. Once inside, the attackers deploy legitimate remote access and digital forensics and incident response tools, use living-off-the-land techniques, establish a reverse SSH shell, and steal sensitive data. The initial access vector is known: vulnerabilities in SolarWinds WHD.