#SolarWinds hack update thread.

One word of caution, particularly for reporters publicizing hack victims. Many of the Orion platform customers have downloaded the backdoored update and it would have likely eventually contacted the C2 servers 1/4
Those backdoors and C2 connections are now being discovered by IR teams that are searching logs and systems for indicators published by @FireEye. However, this discovery does not necessarily mean the attackers did anything damaging to that organization 2/4
In fact, most appear to have done a DNS lookup to the C2 server and received back a ‘kill switch’ response that indicates the adversaries had no interest in that victim 3/4
It is important to clarify with potential victims whether they are simply detecting those remnants of a possibly inert backdoor or if they have actually seen exfil of data 4/4
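The distinction the thread draws, resolving the C2 name versus actually moving data, is the kind of thing an IR team can pull straight out of DNS and connection logs. The script below is an added example and is not the author's code or anything published by FireEye or SolarWinds: it aggregates per host how many C2 name lookups, C2 connections and outbound bytes appear, then sorts hosts into "dns-only" (consistent with an inert backdoor), "c2-contact" and "possible-exfil". The domain suffix, IPs, byte threshold, log format and every log line are constructed placeholders to be replaced with the published indicators; the specific kill-switch response criteria are not encoded here.

```python
"""Triage helper separating hosts that only resolved the C2 name from hosts that
went on to connect and send data.  Added example; all indicators below are
constructed placeholders, not real IOCs."""
from collections import defaultdict

# Placeholder indicators (constructed; substitute the published IOC list).
C2_DOMAIN_SUFFIX = ".c2.example.invalid"
C2_IPS = {"198.51.100.10", "198.51.100.11"}
# Assumption: 1 MB outbound to a C2 address is enough to escalate for exfil review.
EXFIL_BYTES_THRESHOLD = 1_000_000

# Constructed sample log lines in a simple pipe-separated format:
#   dns|<timestamp>|<host>|<queried name>|<answer>
#   conn|<timestamp>|<host>|<destination ip>|<bytes out>
SAMPLE_LOGS = [
    "dns|2020-12-14T01:02:03Z|wks-01|abcd1234.c2.example.invalid|10.0.0.1",
    "dns|2020-12-14T01:05:03Z|wks-02|efgh5678.c2.example.invalid|198.51.100.10",
    "conn|2020-12-14T01:06:10Z|wks-02|198.51.100.10|4096",
    "dns|2020-12-14T01:07:03Z|srv-03|ijkl9012.c2.example.invalid|198.51.100.11",
    "conn|2020-12-14T01:08:10Z|srv-03|198.51.100.11|52428800",
    "conn|2020-12-14T01:09:10Z|wks-01|203.0.113.5|800",  # unrelated traffic, ignored
]


def parse_line(line):
    """Split one record into its fields; 'a' and 'b' depend on the record kind."""
    kind, ts, host, a, b = line.strip().split("|")
    return {"kind": kind, "ts": ts, "host": host, "a": a, "b": b}


def aggregate(lines):
    """Count C2 name lookups, C2 connections and outbound bytes per host."""
    stats = defaultdict(lambda: {"dns": 0, "conn": 0, "bytes_out": 0})
    for line in lines:
        rec = parse_line(line)
        if rec["kind"] == "dns" and rec["a"].endswith(C2_DOMAIN_SUFFIX):
            stats[rec["host"]]["dns"] += 1
        elif rec["kind"] == "conn" and rec["a"] in C2_IPS:
            stats[rec["host"]]["conn"] += 1
            stats[rec["host"]]["bytes_out"] += int(rec["b"])
    return dict(stats)


def classify(s):
    """Map a host's counters to a triage label."""
    if s["conn"] == 0:
        # Resolved the C2 name but never connected: matches the inert-backdoor case.
        return "dns-only"
    if s["bytes_out"] >= EXFIL_BYTES_THRESHOLD:
        return "possible-exfil"
    return "c2-contact"


def triage(lines):
    """Return {host: label} for every host that touched a C2 indicator."""
    return {host: classify(s) for host, s in aggregate(lines).items()}


if __name__ == "__main__":
    for host, label in sorted(triage(SAMPLE_LOGS).items()):
        print(f"{host}: {label}")
```

Hosts labelled "dns-only" are the ones the thread warns about: they show the published indicators in their logs but may never have been of interest to the attackers. Only "c2-contact" and "possible-exfil" hosts warrant the deeper forensic work needed before anyone states that data left the organization.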
You can follow @DAlperovitch.