Time for a little thread on SolarWinds $SWI which has been hacked by Russia’s FSB, APT29, commonly known as Cozy Bear.

The hackers embedded code that allows access to databases of the many clients SolarWinds sells to, including USG & 425 of the Fortune 500.

🧸
Sunday, Arapaho was kind enough to tag me in on the breaking development.
I’ll share her great thread, then dive into some breaking news, then wrap with a bit of info from investor analysts. https://twitter.com/arapaho415/status/1338290147138236416
Long story short, this is a 🚨 DISASTER OF EPIC PROPORTIONS 🚨.

General McCaffrey is not a word mincer.
He’s directly calling out Trump here. 🆘 https://twitter.com/mccaffreyr3/status/1339092435050188801
Over at AP News, Frank Bajak is not mincing words, either. https://twitter.com/youmustchange/status/1339100061825961985
Went to check in on my fave datasec guy and it turns out Chris Vickery is on Zev’s show tonight. It’s an hour long so I’ll post it now and screen it later if I can stay awake that long. 🥱 https://twitter.com/ZevShalev/status/1339021042803683330
Brian Krebs is reporting 18,000 customers may have been impacted by the malware! https://twitter.com/briankrebs/status/1338902959007129600
This from the Wall Street Journal, “The Cybersecurity and Infrastructure Security Agency issued an emergency alert Sunday night urging federal agencies to disconnect from the affected SolarWinds product.”

https://www.wsj.com/articles/hack-of-federal-agencies-shows-cyber-dangers-to-supply-chains-11607992349
As I like to say about the Kremlin, it’s not official until the official denial.

“Russia’s foreign-intelligence service is thought to be behind the attack but the Russian Embassy in Washington has denied those claims.”

Full #LavrovLaffOff. 🤡🧸
OK time for a nice compilation of $SWI analysis from the (free) app Seeking Alpha.

Trading Places Research calls the SolarWinds breach potentially the 🚨 most consequential hack of all time 🚨
This is simply a partial list of the over 18,000 customers who could find the cozy Russian bear has come through their back door and emptied out the larder of all its goodies. Nom, nom. Cozy Bear is hangry.
And Cozy Bear has found the pantry well stocked with all sorts of delectable data. Pretty much the proverbial keys to the kingdom. We’re so fucked.
What’s that saying?

DON’T PUT ALL YOUR EGGS IN ONE BASKET

🤦‍♀️🤦‍♀️🤦‍♀️🤦‍♀️🤦‍♀️


Cute accent and some nice blues guitar are bonuses on this explainer.
Let’s look at why, why is Cozy Bear so hangry?

Well, back in 2014 Putin annexed Crimea from Ukraine.
EU & USA slapped on sanctions.

Sanctions hurt Russia bigly.

Rather than free Crimea, Putin installed his orange puppet…& here we are.
Where we are is pretty grim. FSB can set its users to highest level of permissions. This is going to take a long time to undo, and even then, all that government information and private sector financial information is now in the Kremlin’s hands. The horse is out of the barn.
And Trump will do nothing. We don’t even have the people in place to lead a response.
Coincidence? Oh, please.
The White Rabbit & Cozy Bear are drinking vodka in the banya, gloating with glee at what they have done.
As for the leadership at $SWI, that’s a thread for another day.
Remember what the Dormouse said...
keep your head. https://twitter.com/McFaul/status/1339435926703931392
Well, this is just a clusterfvck. https://twitter.com/NatashaBertrand/status/1339669287846506496
People in America don’t seem to acknowledge that Russia considers itself at war with the USA. Perhaps under President Biden’s administration we can come to better terms with the grim reality.

Kelly gets it 🥶 https://twitter.com/kelly2277/status/1273785944001429504
Just remember, from here to eternity, that the greatest intelligence failure in American history occurred when Donald J. Trump was Commander in Chief.

#WhatWouldPutinDo https://twitter.com/john_sipher/status/1339558176790855684
Blumenthal is correct. We need a massive response...which will not occur until Biden is in the White House.

https://twitter.com/new_narrative/status/1339746567218225154?s=21
Thanks for this very grim update.
It’s so grim O’Brien decided to return from his vacay to Europe.

https://twitter.com/yotesrhungry/status/1339836163922690049?s=21
The GRU does Windows, posing as system admins and no one’s entirely sure how much they have gleaned or how long they’ve been penetrating DOD computer networks.
Via the other Krebs, Chris, this.
The exploit goes back to October 2019 if not earlier. https://twitter.com/KimZetter/status/1340054088050831362
At least since March 2020

Check us-cert link for technical details of exploits. https://twitter.com/NatashaBertrand/status/1340420303420354561
Ye gods. https://twitter.com/ThomasS4217/status/1340889354244386818
Hardly surprising, I suppose, that Mudak Pompeo’s State Department is sitting on its hands. https://twitter.com/rgoodlaw/status/1341775619215028226
Leadership. https://twitter.com/JoeBiden/status/1341768024806797313
Not a lot of breaking here.
From December 21. https://twitter.com/NBCNews/status/1343119698859352065
This has a lot of stuff above my reading level but it looks significant. Big picture wise https://twitter.com/USCERT_gov/status/1342921508872617984
Some good advice for all users. https://twitter.com/thecybermentor/status/1343649339068002304
More good advice… https://twitter.com/gojoe_joe/status/1344369716605964289
Outsource code development to Belarus as a cost-cutting measure, sure? Why not? It’s only Federal agencies that are your most important customers. 🤬

https://twitter.com/b52malmet/status/1345732924273020929?s=21
Well, this is just dandy. The US Courts have been infiltrated in the #SolarWindsHack. Potentially exposing sealed cases to the Kremlin.
What could possibly go wrong, outsourcing your code development to three Russian engineers in Czech Republic?

Thank you, Jennifer. https://twitter.com/Metal_and_Earth/status/1347580785520484353
Fabulous, a third vulnerability revealed. https://twitter.com/TeresaCCarter2/status/1348843015159357447
Timeline shows September 2019 as the beginning of #SolarWindsHack
Kind of suspicious...
“Supply chain weaknesses” is one way to describe the fubar #SolarWindsHack. https://twitter.com/AP_Politics/status/1353685061120487424
And it spread, past the #SolarWindsHack to clients of Microsoft https://twitter.com/dnvolz/status/1355158986518048771
Update on impact of #SolarWindsHack on American courts, where all the cases under seal in most branches are visible to the threat actor. https://twitter.com/AP/status/1355877866286829573
So the second #SolarWindsHack threat actors are likely Chinese hackers, who have penetrated the US Federal payroll system to an extent unknown. 😑

https://mobile.reuters.com/article/amp/idUSKBN2A22K8
A significant development. #SolarWindsHack

Joint letter from Senators Warner and Rubio concerned over “disjointed” response. https://twitter.com/NatashaBertrand/status/1359233306181726214
This article identifies the “fragmented approach to information security” between DOD and DHS as a vulnerability.

https://twitter.com/inteloperator/status/1359266069647683589?s=21