As news breaks about what looks to be a pretty large-scale hack, I have the utmost confidence in the @CISAgov team and other Federal partners. I'm sorry I'm not there with them, but they know how to do this. This thing is still early, I suspect. Let's let the pros work it.

Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.

If you’re a SolarWinds customer & use the below product, assume compromise and immediately activate your incident response team. Odds are you’re not affected, as this may be a resource intensive hack. Focus on your Crown Jewels. You can manage this. https://twitter.com/razhael/status/1338267165221396480?s=21 https://twitter.com/razhael/status/1338267165221396480

I'd also be paying very close attention to what @CISAgov does next. They have authority to issue directives to Fed agencies to take cybersecurity steps. While those directives only apply to Feds, everyone else should follow suit.

As promised... https://twitter.com/C_C_Krebs/status/1338348746426474498?s=20

more: https://twitter.com/CISAgov/status/1338348931571445762?s=20