Chris Hickman, chief security officer at digital identity security vendor Keyfactor says this attack was highly sophisticated and the overarching theme here is not SolarWinds or FireEye. Talking about the tools and techniques used by the attackers, Hickman reveals hackers misused X.509 certificates and keys as a part of their toolkit to infiltrate and spread while avoiding detection. “Attackers were able to inject malware into the build process, which is difficult to detect. They were able to compromise certificates allowing them to fabricate fake tokens for network access, transversing that to cloud access and subsequently manage network access and user permissions,” he told Toolbox.