Semperis announced that its security research team discovered a new variant of the notorious Golden SAML attack technique and dubbed it Silver SAML. Using Silver SAML, threat actors could exploit SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce.
Golden SAML was used in the 2020 cyberattack against SolarWinds, the most sophisticated nation-state hack in history. Threat group Nobelium, aka Midnight Blizzard, aka Cozy Bear, deployed malicious code into SolarWinds’ Orion IT management software, infecting thousands of organizations, including the U.S. Government. In the wake of the attack, the Cybersecurity and Infrastructure Security Agency (CISA) encouraged organizations with hybrid identity environments to move SAML authentication to a cloud identity system such as Entra ID.