Someone's attacking SolarWinds WHD to steal high-privilege credentials - but we don't know who or how

Summary

Microsoft researchers discovered that attackers exploited vulnerabilities in SolarWinds Web Help Desk (WHD) instances in December to infiltrate IT environments and steal high-privilege credentials. The method of initial access and the identity of the threat actor remain unknown. This highlights the ongoing risk associated with unpatched software and the potential for credential theft leading to significant compromise.

IFF Assessment

FOE

Exploitation of SolarWinds WHD to steal high-privilege credentials represents a direct threat to organizations' security posture.

Severity

9.8 Critical (AI Estimated)

Defender Context

This incident underscores the critical need for prompt patching of vulnerabilities in widely used software like SolarWinds WHD. Defenders should prioritize identifying and patching vulnerable instances, monitor for suspicious lateral movement activity, and enforce strong credential management practices. The trend of targeting IT management tools for initial access remains a persistent threat.
