February 2020
Long-standing ProxyShell vulnerabilities in certain Microsoft Exchange Server versions are found to have been exploited by threat actors in August 2021. Learn more.
February 2020 – Microsoft Exchange “ProxyLogon” Vulnerabilities Exploited
Hover over each step below to view our full coverage.
July 2021
December 2020
January 2022
May 2023
IT system management software maker Solarwinds is attacked by threat actors who insert malicious code into a software update. Once victims apply the impacted update, a custom malware monitors their systems to identify the target and drop additional malware as needed. Learn more.
December 2020 – Solarwinds Supply Chain Attack Impacts Hundreds
IT and security management company Kaseya reports that it has been impacted by a ransomware attack affecting its Virtual System Administrator (VSA) product. The supply chain attack, which affected about 60 managed services providers (MSPs) and up to 1,500 client organizations, leveraged a zero-day vulnerability (CVE-2021-30116). Learn more.
July 2021 – REvil Attacks Kaseya
Threat actor group Lapsus$ targets numerous technology firms in early 2022 including Samsung, Nvidia, Okta and Microsoft. Lapsus$ uses a variety of social engineering techniques to access their victims then steal sensitive data such as source code once inside the network. Learn more.
January 2022 – Lapsus$ Group Targets Technology Firms For Data Theft
A zero-day vulnerability in MOVEit Transfer is actively exploited to gain access to MOVEit servers to upload a web shell, exfiltrate data and initiate intrusion lifecycles, and potentially also enable a threat actor to move laterally to other areas of the network. Learn more.
May 2023 – MOVEit Software Zero Day Exploited
Historical Targeting of Technology Firms
The recent activity against technology firms calls to mind previous widespread attacks targeting technology firms:
