by justsomeadvice0 1045 days ago
They just claim to have identified abuse of an "SSPR" attack happening against Azure AD in the wild. What part is a lie?

No, you've added a word, and left out a different word. They claim to have "identified a novel attack vector".

https://www.cloudflare.com/learning/security/glossary/attack...

An "attack vector" is not necessarily a TTP used by threat actors; it is a way in. Whether it is used or unused, an attack vector is an attack vector.

Yes, they've documented threat actors actively using it. And SSPR used against several other services before this one. But the claim is in the lede sentence: "novel attack vector".

I think you're taking their choice of a single word a bit too seriously, and dare I say, personally. I don't think they're claiming to be the first to have ever discovered this attack vector, nor are they trying to steal credit from you. And while "novel" might not be the best word choice, in common parlance it need not mean "unique," and can just as well mean "unusual." In fact the dictionary definition of "novel" literally includes "unusual" ("new or unusual in an interesting way").

Yea, agree with this guy. Anyways I took "novel attack vector" to just mean "first time we've heard of using SSPR against AD". They even used the existing acronym "SSPR", so they're not claiming to have discovered the attack vector or anything.

Your dictionary definition / denotation is not the connotation "novel" has in research.