Golden SAML Revisited: The Solorigate Connection
Tags
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Golden Ticket - T1558.001 Hardware - T1592.001 Multi-Factor Authentication - T1556.006 Saml Tokens - T1606.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID 3e3df3e2-8b93-4193-a115-845ad3ded6c8
Fingerprint 360169998e4dea8c
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 29, 2020, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline Golden SAML Revisited: The Solorigate Connection
Title Golden SAML Revisited: The Solorigate Connection
Detected Hints/Tags/Attributes 45/1/8
Source URLs
Redirection Url
Details Source https://www.cyberark.com/resources/threat-research-blog/golden-saml-revisited-the-solorigate-connection
URL Provider
Details Provider Source level domain
Details cyberark.com www.cyberark.com
Attributes
Details Type #Events CTI Value
Details Domain 34 
msrc-blog.microsoft.com
Details Domain 5 
www.sygnia.co
Details File 2 
authentication_mechanisms_csa_u_oo_198854_20.pdf
Details Mandiant Uncategorized Groups 97 
UNC2452
Details Url 3 
https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks
Details Url 2 
https://media.defense.gov/2020/dec/17/2002554125/-1/-1/0/authentication_mechanisms_csa_u_oo_198854_20.pdf
Details Url 2 
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Details Url 2 
https://www.sygnia.co/golden-saml-advisory