For anything hackers couldn't accomplish using SNMP, SolarWinds Orion also provides a complete WMI management suite: remote back doors, arbitrary file downloads and executions, and complete SNMP/WMI management suites. A perfect trifecta.
Technical analysis: Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach - Ten different MITRE ATT&CK tactics, including Lateral Movement, Command and Control, and Data Exfiltration. https://twitter.com/PicusSecurity/status/1338866931567226880
Literally can't make this up: #Dominion CEO LIED under oath today, claiming they NEVER used SolarWinds. Except they recently HID the link, which is still in the source code alongside a custom SolarWinds HTML tag.

Site: https://dvsfileshare.dominionvoting.com/Web%20Client/Mobile/MLogin.htm
Archive: https://archive.is/MPVo8
The plot thickens. SolarWinds is owned by a Clinton-tied billionaire who donated 100k in 2016. https://twitter.com/CarrollQuigley1/status/1338898072772947970?s=19
Password: "solarwinds123" 🤦‍♂️

Software with this level of access and this level of distribution coming with a default admin password! https://twitter.com/zackwhittaker/status/1338934516111564805?s=19
Company name followed by 123. This password definitely does not meet basic complexity requirements: no uppercase or special characters, and way too short. Yet it's embedded for a critical service account. Sorry, but a state actor like Russia was not required for this attack.
But the password didn't even need to be hacked. It was widely available on the internet. It was an open secret backdoor for the NSA, for anyone running the software.
For all the trolls complaining that the screenshot disabling FIPS shows the DB maintenance config:

13 applications explicitly disable the enableFIPSPolicy in their configuration file. This is also disabled by default for apps without this setting.
NPM Web Backup in NetPerfMon sets the default Admin and Guest passwords to blank in NetPerfMon_Initial_Configuration.NPMWebBackup.
Look at what 4 states, among others, are using SolarWinds. https://twitter.com/JPMediaBoss/status/1338363313395122176?s=19
Default SQL Server Account Database Password:

User Id=SolarWinds
Password=thepassword
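As an added example (not from the thread and not SolarWinds code), a small Python audit that flags the three configuration weaknesses the thread lists: a FIPS policy explicitly switched off, blank or default service-account passwords embedded in connection strings, and passwords that are just the product name followed by digits. The XML layout, the `enabled="false"` attribute form for enableFIPSPolicy, and the 15-character minimum are assumptions; the sample config is constructed.

```python
"""Audit config text for the weaknesses the thread describes.
The enableFIPSPolicy attribute form and the connection-string layout
are assumed here, not taken from a verified SolarWinds schema."""
import re

MIN_LEN = 15  # assumed local policy, not a SolarWinds value
PRODUCT_WORDS = ("solarwinds", "orion", "npm", "netperfmon")

# Constructed sample, not a real SolarWinds file.
SAMPLE_CONFIG = """<configuration>
  <runtime><enableFIPSPolicy enabled="false"/></runtime>
  <connectionStrings>
    <add name="Orion" connectionString="Server=db;User Id=SolarWinds;Password=solarwinds123"/>
    <add name="Web" connectionString="Server=db;User Id=Guest;Password="/>
  </connectionStrings>
</configuration>"""


def password_findings(pw: str) -> list[str]:
    """Return the complexity problems with a password (empty list = passes)."""
    if pw == "":
        return ["blank password"]
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    # "solarwinds123" pattern: a product word with only digits appended.
    if re.fullmatch("(%s)\\d*" % "|".join(PRODUCT_WORDS), pw.lower()):
        problems.append("product name followed by digits")
    return problems


def audit_config(text: str) -> list[str]:
    """Scan config text and return human-readable findings."""
    findings = []
    # FIPS policy explicitly disabled (key spelled as in the thread).
    for _ in re.finditer(r'enableFIPSPolicy[^>]*?enabled\s*=\s*"false"', text, re.I):
        findings.append("FIPS policy explicitly disabled")
    # Credentials embedded in connection strings (also matches the
    # two-line "User Id=...\nPassword=..." form).
    for m in re.finditer(r'User Id=([^;"\s]*);?\s*Password=([^;"\s]*)', text, re.I):
        user, pw = m.group(1), m.group(2)
        findings.extend(f"account {user!r}: {p}" for p in password_findings(pw))
    return findings


if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print(line)
```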
You can follow @kr3at.