Solarstorm / Sunburst Hack

[Khel]

Developing story on what is likely to go down as the largest and scariest Cyber attack in history.

Started with a story on how FireEye, one of the worlds leading firms got breached and their red team tools stolen, and has evolved from there.

Threat Actor managed to compromise the supply chain of a well established network monitoring tool vendor, and remain hidden in networks for MONTHS, which is just scary bad news.

Same actor and method behind the breaches of multiple US Gov agencies the last few days, including the agency responsible for the Nuclear weapons and there will be more to come.

https://krebsonsecurity.com/

https://www.fireeye.com/blog/threat-...eam-tools.html

https://www.fireeye.com/blog/threat-...-backdoor.html

https://threatpost.com/nuclear-weapo...attack/162387/

https://unit42.paloaltonetworks.com/...orm-supernova/

[Wastedyouth]

Who was the actor? Raimi Malek?

[Fuzz]

Microsoft, too.

Quote:

Microsoft was hacked as part of the suspected Russian campaign that has hit multiple U.S. government agencies by taking advantage of the widespread use of software from SolarWinds Corp, according to people familiar with the matter.

https://www.reuters.com/article/glob...-idUSL1N2IX33C

[Khel]

Quote:

Originally Posted by Fuzz

Microsoft, too.



https://www.reuters.com/article/glob...-idUSL1N2IX33C

Yeah, I think vmware and others were involved as part of this. No one has officially attributed it to the Russians, but whoever did this was likely well funded, and very skilled.

This story will likely only get bigger over the next couple days, and even months, tip of the iceberg.

[monkeyman]

Yikes! Thanks for sharing.

[Robo]

I thought this had something to do with the sun..... (shakes fist in air) damn you khellllllllllllllll!!!!

[RichieRich]

so how will this, if at all, affect us regular Joe's here in Canada? short / long term? I'm just not savvy enough to "get it" (nor have time to peruse all media narratives - mainstream or alternate, to get an idea of the impact). Can't wait to hear the conspiracy theory spins versus mainstream... and then figure out what is a truly centrist/likely view/result.

[Khel]

I think most people won't know or care. They may see the headlines about the Nukes and be concerned, but won't really know how big a deal this really is.

The system they compromised usually has highly elevated access to a companies network. And due to the length of time they went undetected who knows what else they did, stole, or compromised.

The motivation and objectives are currently unknown, but we are talking potentially hundreds or thousands of compromised companies, governments, etc. They had potentially full access into some of the biggest companies for months, you give an adversary with this kind of skill that much time, and there is no telling what they could have done.

This is likely a watershed moment in Cybersecurity. The story is still unfolding, and full impact could take months or years to understand.

[surferguy]

Perhaps Baron shouldn’t have been in charge of Cyber.

[Weitz]

Quote:

Originally Posted by Khel

Yeah, I think vmware and others were involved as part of this. No one has officially attributed it to the Russians, but whoever did this was likely well funded, and very skilled.

This story will likely only get bigger over the next couple days, and even months, tip of the iceberg.

CNN is saying it was Russian hackers.. But does that mean its could not be the state? Trying to understand here.

[RichieRich]

I propose we blame the CCP who masqueraded as the Russians.

[Titan]

After finishing Snowden's book, it is really scary how unprepared the gov't seems to be to manage these things. With the ####show of the last four years, it can't have gotten better.

I would give serious thought to bringing Snowden home, pardoning him, and making him the cyber czar. I am really conflicted as he did commit a crime but was that crime worthy of what the punishment could be? Taking into account how f'ed up the NSA programs were there should be some sort of whistleblower defence. Difficult issue.

[Khel]

Quote:

Originally Posted by Weitz

CNN is saying it was Russian hackers.. But does that mean its could not be the state? Trying to understand here.

Typically threat intel teams try not to do attribution to a specific state.

They give them a fancy, totally made up name like 'Cozy Bear' or 'OilRig' and talk about their tactics and techniques and motivations.

The media is saying its suspected as Russia and likely is, as Cozy Bear has known connections to Russian intelligence.

[Ozy_Flame]

Quote:

Originally Posted by Titan

I would give serious thought to bringing Snowden home, pardoning him, and making him the cyber czar. I am really conflicted as he did commit a crime but was that crime worthy of what the punishment could be? Taking into account how f'ed up the NSA programs were there should be some sort of whistleblower defence. Difficult issue.

Even in Hollywood movies, they hire the shady nerds who have hacked the Department of Defense like it was butter but will forgive their transgressions if they save the world. Maybe they're on to something.

[FlameOn]

Not that this would have stopped the Russian attack, but Trump moved the US cyber security budget to trying to build his wall.

Seriously the breach of the DOE nuclear facilities by Russians would have sparked an international incident under any other administration.

https://www.independent.co.uk/news/w...-b1776007.html

[Flamenspiel]

nm, why bother.

[Titan]

Quote:

Originally Posted by Ozy_Flame

Even in Hollywood movies, they hire the shady nerds who have hacked the Department of Defense like it was butter but will forgive their transgressions if they save the world. Maybe they're on to something.

Hmmm. Not sure, but it feels like you may be mocking me.