Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.
That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
