I want to be absolutely up front about this. The whole SolarWinds thing has me seriously bothered. Here’s why (rant time)... 1/6
SolarWinds did not find the backdoor in Orion; FireEye did. FireEye did not find the SolarWinds backdoor initially; they detected a “secondary” backdoor that the bad actors created using the main 2FA key they got off of a protected system they'd rooted. 2/6
FireEye found that particular backdoor only when the bad actors tried to “register” one of their own computers to it. The level of pwnage that implies is staggeringly impressive. 3/6
I was once asked what kept me up at night infosec-wise, and most of the APT actors did not - the Chinese were pretty good but they were somewhat predictable, everyone else was just okay. Except the Russians. They were good. Damned good. This smells like them. 4/6
All APT actors (unless it's a “smash and grab”) have multiple backdoors, rarely two on a single machine for very long, but to expel them you have to get *every* backdoor on *every* machine - and you have to do it all at once. Otherwise they keep pivoting. 5/6
With us divided as a country and this uneasy power struggle as things awkwardly shift from one administration to another, this is the worst time for this to happen. 6/6
You can follow @simplenomad.