Posted on 12/18/2020 12:02:29 PM PST by IndispensableDestiny
FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds' Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post-compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.
(Excerpt) Read more at fireeye.com ...
As foreign actors, they could have been contractors to SolarWinds. There's also an operational difference between planting the trojan and exploiting it.
Election?? What election?
I wonder if these data breaches have any relationship to the constant security attacks on my iCloud password. Starting about 10 days ago I have been having to unlock every day, sometimes multiple times, because someone is trying to brute force my password.
This is internal vs. external. The SolarWinds attacks are an internal threat, meaning the bad actors establish a beachhead on the victim’s networks through the use of the SolarWinds backdoor and traverse the network accordingly. If appropriately segregated, the only advantage that they’d have is that they’re inside. Getting the keys to the kingdom, such as Kerberos golden tickets, can be either trivially easy or extraordinarily difficult depending on the countermeasures and protections put in place by the victim.
Microsoft developer reveals Linux is now more used on Azure than Windows Server
Probably not. iCloud fraud has been around a long time.
That’s fair. Just pointing out that Linux comprises more cloud platforms than any other OS.
FWIW, using solely Linux at home doesn’t protect you from anything. Linux is just as leaky and prone to compromise as Windows or Apple iOS.
Should be easy to find who went to China and was compromised.
A nation that size run by criminal gangs is a frightening reality.
Agreed, another reason I use several hard drives for backups, as I always know my information is safe and inaccessible to snoops. And if need be I can wipe it out with the click of a mouse.
The way I see it, the initial compromise came from a SolarWinds update. The site providing the SolarWinds update provided an update that redirected future updates to the bad actor. So the SolarWinds update site was either compromised or someone intentionally inserted the malware into the update. I would expect that this would be next to impossible for the average business to stop. We trust the updates. You could block access to the bad site, but by then the damage is done. Fixing it would be a challenge. Every node running SolarWinds would need to be taken off the network and either rebuilt or cleaned up. Then you’re stuck with either replacing SolarWinds or figuring out how to make it trustworthy. As for top-secret networks, they should have internal update servers and processes that test/verify the updates before they roll out. But, with the two-week dormant period, it could still slip by. What a mess - glad I’m retired.
Is it possible SolarWinds got into the Apple system? They certainly would never tell us.