#SolarWinds was an access operation, not an effects operation. Those saying "only an espionage campaign" and assigning early intent to such a large-scale access operation are mistaken. #ThreatIntel #infosec #cybersecurity
Long-term and large-scale supply chain access is an objective for many offensive cyber teams. They want the flexibility to choose when and how to use that access later. Assigning intent to such access is filled with sampling bias. #ThreatIntel #SolarWinds #infosec #cybersecurity
A good thought experiment: if we had caught the MeDoc software supply chain attack earlier, without NotPetya, it probably would have been labeled "espionage" as well, and some analysts would have applied mirror image biasing to assume "they wanted access to accounting for X".
The fact that there was some espionage conducted in a large-scale access operation doesn't mean it was for espionage only.
You can follow @cnoanalysis.