The Cyberpandemic has Begun: SolarWinds + FireEye... Anything can happen now

[Savannah]

BREACHED: CISA orders every federal civilian agency using SolarWinds technology to shut it down immediately

https://www.naturalnews.com/2020-12-...hut-down.html#

[palehorse]

Quoted from ReversingLabs

"
ReversingLabs' research into the anatomy of this supply chain attack unveiled conclusive details showing that Orion software build and code signing infrastructure was compromised. The source code of the affected library was directly modified to include malicious backdoor code, which was compiled, signed and delivered through the existing software patch release management system.

While this type of attack on the software supply chain is by no means novel, what is different this time is the level of stealth the attackers used to remain undetected for as long as possible. The attackers blended in with the affected code base, mimicking the software developers’ coding style and naming standards. This was consistently demonstrated through a significant number of functions they added to turn Orion software into a backdoor for any organization that uses it.
"
ref.: https://blog.reversinglabs.com/blog/...vel-of-stealth

Seems like the building system was somehow compromised in order to offer update/hotfix/bugfix (package updates with a trojan embedded) to the customers, whoever did that are real good and probably took long time to study the development environment in order to identify the vulnerabilities and infiltrate and act as part of the team OR it was just an "internal job".
It will need a full forensic work in order to track which machine compiled the patch released, maybe the developer was hacked, maybe someone broke into the building after midnight .. too many variables, hard to say.

There was identified some of the command & control domains (snort rules to mitigate here https://github.com/fireeye/sunburst_...ll-snort.rules), but this alone is not enough to find out who is behind it, domains can be registered using some proxy like `domainsbyproxy[.]com` or using bogus data with godaddy, namecheap, etc.. to find the server is another huge pain in the ass, it could be hosted in the customer infra structure without anyone knowing or just somewhere else in the country of the attack to make things even more confused.

SolarWinds risk management process should be more cautious, such big company should run checks more often at least in all new patches or even all new compilations/builds, just to have 100% sure that anything was not intentionally injected. Supply-chain attacks are hard to identify because it is blended with legit software.

For those interested in the details https://www.fireeye.com/blog/threat-...-backdoor.html

subdomain & #DGA domain names , #SolarWinds, attacked by #UNC2452
https://pastebin.com/6EDgCKxd

From Intel471 Twitter account
https://twitter.com/Intel471Inc/stat...33255741120513

Also this article about Chinese cybercrime underground from Intel471 may be of interest
https://intel471.com/blog/china-cybe...reat-firewall/

That's pretty much what I found to be more relevant about this attack.

[TargeT]

Posted by pueblo (here)
Again, unsubstantiated..

I can definitively tell you this is not the case, I work on that and higher clas networks every day... nothing is any different today, every system is nominal and has been since I accepted this position.

[daddy-keith]

Posted by Patient (here)
No pun intended - really - I am a patient person. I am surprised, that so many people are not fed up with all of this crap.

But I suppose that so many people just don't get it.

The media constantly reports "the rise in cases" but we know that the tests are faulty. But people get stuck at the number of cases and ignore the small number of deaths. (And we have to consider how many of those deaths reported were really due to covid.)

Now they are saying that even if you get the vaccine, it doesn't change things - you still need to wear a mask and social distance, and do not travel.

So now they have to throw something else at us. We knew they were going to, but most of the sheeple didn't.

Even so, when is enough going to be enough? Probably never. I expect that the people will allow themselves to be led to "wherever" they want to lead them.


It really is sad and pathetic that so many people are sheeple.

I have very little patience left for them. And that makes me sad.


If I had enough money, I would buy a large island somewhere and call it Avalon Island - you would all be welcome. And also any of the sheeple that are willing to open their eyes a bit. Of course, if they didn't they wouldn't come in the first place.

Hello Canada.
Stiff upper lip, keep the faith, press on Macduff and all that stuff. I had no intention of replying to this post because I share some of your sentiments and I felt very sad when I first read it. If I try to correct some of the programing among friends and family I am often called insane or stupid or any of the usual labels that we tend receive. I decided to make some tea and lo and behold, synchronicity. As I was passing my wife, there on her ipad was a picture of myself on Twitter. I asked her what it was about and she showed me the thread which read "People that most influenced my life". I remembered a kid who kept asking me questions twenty years ago and I did not realize that I had any impression on him. When I came back to my computer, your post was still there. I decided to reply to your post.
I think we must all strive to do our little bit, after all, eight bits make a Byte. LOL. I am reminded by the words of Francis Bacon (or was that Shakespeare) who said: "All the world's a stage and all the men and women merely players", etc.
Love to all and keep up the good work.

P.S. Remember to invite me to your island. I love to fish and will help to feed everyone.

[onawah]

WARNING! “Dark Winter” Begins! Next Phase is “Digital Pandemic” as Cyber Wars Start
December 16, 2020
https://healthimpactnews.com/2020/wa...er-wars-start/


by Brian Shilhavy
Editor, Health Impact News

"Millions of people around the world got a very small taste of what can happen when technology fails on Monday this week when most of the Google network went down, and people could not access their Gmail email accounts, YouTube videos, and many other Google services.

For those who rely upon Google for home devices, it was a sobering wake-up call.

Early Monday morning, Joe Brown walked into his daughter’s room and delivered his usual greeting, “Hey, Google, turn on the lights.” He owns a Google smart speaker that lets him control the lights with his voice, and which, “when you’re holding a kid with a bottle or a diaper full of crap, is usually pretty good,” he said.

But that morning, nothing happened. With the lights out, Brown grabbed a lantern. Cradling his daughter in one hand and his phone in the other, he tweeted: “I’m sitting here in the dark in my toddler’s room because the light is controlled by @Google Home. Rethinking… a lot right now.”

Brown was in the dark because Alphabet Inc.’s Google had suffered a widespread outage, bricking not only internet staples like Gmail and YouTube but an array of home devices that increasingly rely on the largest technology platforms. Elsewhere, a London technologist reported his alarm at being unable to use his Nest thermostat, a Google product. “It’s when Google is down and you can’t heat your home that you realize how scarily reliant you are on Google,” he wrote. (Source.)

Here is Google’s official announcement over what went wrong:

Google Cloud Platform and Google Workspace experienced a global outage affecting all services which require Google account authentication for a duration of 50 minutes. The root cause was an issue in our automated quota management system which reduced capacity for Google’s central identity management system, causing it to return errors globally. As a result, we couldn’t verify that user requests were authenticated and served errors to our users.

But problems have persisted, and similar outages were reported yesterday with Gmail and other Google services.

These events happened in the midst of several reported cyber hacks among other technology companies, including the Pentagon servers yesterday, Tuesday, December 15th.

Jim Hoft of Gateway Pundit reported:

The Pentagon imposed an emergency shutdown of computer network handling classified material on Tuesday.

This follows the rare Emergency Directive 21-01 on Sunday night by the Cybersecurity and Infrastructure Security Agency (CISA), in response to a KNOWN COMPROMISE involving SolarWinds Orion products.

Sunday night’s directive was only the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015.

According to Just the News the Pentagon has imposed an emergency shutdown of its Secret Internet Protocol Router Network, which handles classified information up to the secret level.

One official said,”This has never happened in the middle of a work day.”

Just The News reported:

The Pentagon on Tuesday ordered the emergency shutdown of a classified internal communications network, three Defense Department sources confirmed.

The unprecedented daytime shutdown comes amid recent revelations that other federal agencies, including the Department of Homeland Security, were breached by hackers.

The Defense Department alerted employees that the SIPRNET system was being shut down in the late morning for emergency software updates, the sources told Just the News…

…The system, known as the Secret Internet Protocol Router Network, handles classified information, up to the secret level, and was shuttered for several hours.

Are You Prepared for an Internet Blackout and Disruptions to the Electrical Grid?
These inconveniences suffered this week with Google going down are NOTHING compared to what is probably coming down the road, and which could be imminent.

Imagine what life will be like with no Internet at all for an extended period of time, and where electrical service could become very unstable and also be down for an extended period of time.

For those who have been paying attention, the Globalists have actually been warning us that this is coming for sometime now.

Earlier this year Health Impact News reported about Event 201 which was hosted by the World Economic Forum and the Bill and Melinda Gates Foundation and was a simulation of a worldwide pandemic and the response to that pandemic in October of 2019, just weeks before the now infamous COVID19 virus was identified in Wuhan, China.

Almost everything predicted during that simulation has now actually happened, except for one thing: an Internet blackout.

See:

Did Bill Gates & World Economic Forum Predict Coronavirus Outbreak? Will There be an Internet Blackout to Control Information?
Earlier this year around the time the U.S. Presidential debates started, the media started using the term “Dark Winter.”

Derrick Broze of The Conscious Resistance created a 12-minute documentary covering the historical meaning of “Dark Winter” and how it has been used in the past for simulations, much like Event 201.

Dark Winter exercise took place in June 2001, only months before the 9/11 attacks. This exercise took place at Andrews Air Force Base in Camp Springs, Maryland, and involved several Congressmen, a former CIA director, a former FBI director, government insiders and privileged members of the press. The exercise simulated the use of smallpox as a biological weapon against the American public.

During the Dark Winter exercise authorities attempt to stop the spread of “dangerous misinformation” and “unverified” cures, just like with the Event 201 simulation. Dark Winter further discusses the suppression and removal of civil liberties, such as the possibility of the President to invoke “The Insurrection Act”, which would allow the military to act as law enforcement upon request by a State governor, as well as the possibility of “martial rule.”

The script says martial rule may “include, but are not limited to, prohibition of free assembly, national travel ban, quarantine of certain areas, suspension of the writ of habeas corpus [i.e. arrest without due process], and/or military trials in the event that the court system becomes dysfunctional.”

What is important to know is Dark Winter was largely written and designed by Tara O’Toole and Thomas Inglesby of the Johns Hopkins Center along with Randy Larsen and Mark DeMier of the Analytic Services (ANSER) Institute for Homeland Security. O’Toole, Inglesby, and Larsen were directly involved in the response to the alleged anthrax attacks which took place in the days after September 11, 2001. These individuals personally briefed Vice President Cheney on Dark Winter.

Coincidentally, Event 201 was co-hosted by the Johns Hopkins Center for Health Security, which is currently led by Dark Winter co-author Thomas Inglesby. Tara O’Toole was also a key player in the Clade X simulation.

Watch the full documentary here:

Why is the Corporate Media Predicting a “Dark Winter”?
On July 8, 2020, the World Economic Forum met and discussed a “Digital Pandemic” which they claimed would be far more disastrous than the COVID pandemic.

Jeremy Jurgens, the World Economic Forum Managing Director, stated:

I believe that there will be another crisis. It will be more significant. It will be faster than what we’ve seen with COVID. The impact will be greater, and as a result the economic and social implications will be even more significant.

Klaus Schwab, the founder and executive chairman of the World Economic Forum, stated:

We all know, but still pay insufficient attention, to the frightening scenario of a comprehensive cyber attack could bring a complete halt to the power supply, transportation, hospital services, our society as a whole. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyberattack.

Christian the “IceAge Farmer” has covered this in two recent broadcasts.

“Next Crisis Bigger than COVID” – Power Grid/Finance Down – WEF’s Cyber Polygon – Nov 15, 2020

Source: https://youtube.com/watch?v=tSuCuoQxI20

and The Cyberpandemic Has Begun: SolarWinds + FireEye
https://www.youtube.com/watch?time_c...ature=emb_logo
(the video has already been embedded in this thread)

All Eyes on the U.S. and President Trump
Here in the U.S., the Right-wing alternative media is predicting that President Trump is not going to accept the election results, due to massive voter fraud.

Most reports are now saying that if he does not get the Supreme Court to over-turn the election results, that he will invoke the “Insurrection Act” and deploy the military domestically to allegedly start arresting people for “treason.”

President Trump has shaken up his Cabinet in recent weeks, seemingly to gain more control over the military and the Intelligence agencies.

But not only are we facing an internal civil war, it is expected that we will soon be attacked from outside the U.S., and indeed it appears as if the Cyber War may have already begun this week.

China is the most common enemy of the United States now that is blamed by both the Pharma-owned corporate media, and many in the alternative media as well, as planning to attack the U.S.

This appears to be mainly a Cyber attack, with potential attacks against our infrastructure here in the U.S., but China also seems to be involved with funding many of the Leftist/Marxist groups that will surely oppose President Trump and his efforts to remain in the White House.

There are also many other “hot-spots” around the world, especially with countries around the South China Sea such as Taiwan and the Philippines.

In the Middle East, Israel and Iran are basically already at war, including cyber warfare.

War, particularly cyber war, seems to have already been started, and everyone should absolutely prepare for the chaos that seems to be on our very doorstep, with the predictions of the World Economic Forum very likely coming true, since almost everything they originally predicted and planned for regarding COVID has come true."

[apokalypse]

Posted by Bill Ryan (here)
Friends, I think this deserves a new thread of its own. As Constance presciently warned us back in April, Draw your sword, things are about to get real. It has to be possible that what we've all lived through so far in 2020 is just the beginning.

Source: https://youtube.com/watch?v=oe3y-OdNSsw

agreed. comes to election i never think about Fraud/Court cases but more event of foreign influence/interfere such as what EO 2018 describe..this cyber thing is it.

[apokalypse]

[iota]

Posted by Journeyman (here)

Posted by iota (here)

Attachment 45496

The reality is that the data has been compromised for months and there are going to be investigations and forensics that will take a very long time to even know what was breached and obtained. The Treasury was not hacked yesterday/Saturday, they were hacked months ago and potentially for months while data was streamed out via the Sunburst/Teardrop exploit."

HM238

I could write a small novel. It was a pretty sophisticated attack on a few levels. They
were able to actually get the code signed, which means no one would have known they got it. It sits dormant for ~2 weeks, and then even though the traffic is HTTP and would appear to be easy to detect, it had a few tricks up its sleeve.

It detected and used hostnames that were the same or similar to existing hostnames on that specific network, it also buried the traffic in XML and .net traffic. It disguised itself further by spreading out the data across multiple GUIDs and HEX strings. If you look at the mitigation guide by CISA, it shows how deeply rooted it all is and across a lot of systems and services. There isn't one place to look or close down, there are dozens.

The code itself wasn't the most sophisticated, but the steps up to the point of the exploit were. Getting the code signed and integrated was the real trick. That means SolarWinds was infiltrated directly or via some contractor/third-party. It basically hit every one of their customers on the Orion platform. Which is basically every Fortune 500 company, every government agency, every major telecom provider, universities, accounting firms, banks, and more.

Now a funny thing. About 8-9 years ago I worked for a company closely associated with DoD/DHS and one of the projects I worked on was removing SolarWinds from the environment globally because of concerns way back then. We did highly classified work and also were under ITAR and some other restrictions/compliance rules. That cost a small fortune and was ordered right after we became partly overseen by DHS, and no one balked at all at the cost and I had an almost unlimited budget.


This particular hack has been discussed in some security channels for a while now. I actually dismissed a lot of it, knowing some of the big players and believing that surely it couldn't be as bad and widespread as they were saying or else it would have been caught and removed long ago. Remember, we're talking ~ 8 months.

Then the Fireeye stuff started to break a little while ago, and then the Treasury stuff hit the media but didn't make sense and was clearly not the full story to anyone in this field. Then the SolarWinds stuff starting flooding out.

I can't believe this was a honeypot situation because too many major companies and systems were impacted for real and it is still unknown how much data was stolen. If someone knew and it was being covered for by government agencies or even Fortune 500s, then our country is already lost the the Chinese.

If they didn't know, then the amount of failure across the board by the largest corporations and government agencies is unfathomable. In my former role, I would have been personally liable for something like this and already in jail. The fact that this is still being suppressed in the media and downplayed and underreported is also really fishy. Nothing about this makes sense or adds up. We're looking at potentially the largest data breach/cybersecurity event in history and barely anyone even knows beyond some weak stories about the Treasury.

COMMENT:

This is the truth. Watch the media spin.

nbc reported it as a russians

HM238

This is part of the spin. I don't doubt that Russia had a hand in it at some level, but if there isn't Chinese involvement, I'd be beyond shocked and surprised.

Much of the reporting so far is very superficial and lacking. A lot of focus is on the Teardrop/Sunburst aspect, but the real path to follow is how the code became signed and who's code that was? This isn't a small hack, it has global consequences for every government and corporation.

We likely won't know the extent for months, maybe years, and even then I have a feeling it will get buried long before anyone actually reports the full details. The problem is how many top IT departments and people are going to be working on this across every segment of the government and private sector. There is no way that it will stay a secret. The news may gloss over it and bury it, but thousands of IT and security people won't. It will come out eventually.

COMMENT:

very interesting. what you just described isn't doable
by a few hackers, that's why it got termed a "nation-state"
hack, that's very sophisticated work that takes a lot
of time, testing and testbeds to create.
if it is the "largest data breach/cybersecurity event in history"


QUESTION:

What would be the point of the cover up in the media?

Why would they try and spin it and for who? this has me wondering.

also i wonder what they got and what they are using or going to use it for?

HM238

At first my guess was to buy some time for mitigation but that wouldn't help since the exploit has been in the wild for so long. The damage was done, all it would do is buy the big players a little time before other actors would be aware, but again, that is largely useless. I'm not exaggerating when I say that it will be one of the largest ever.

The sole purpose was to siphon data out of the infected networks. If it was running for 6-8 months, that is a hell of a lot of data. SolarWinds is used to monitor entire networks, server infrastructure, and especially "crown jewel" servers. The environment I mentioned before was a global company with hundreds of data centers and tens of thousands of servers.

I personally have seen the media be told to print false stories to cover other operations or activity, and it is done without fail or pause. Of course it is always done under the guise of national security or protecting assets,

but seeing how easy and seamless it all was and how the channels already clearly long existed both between the company, the government, and the media was extremely concerning. In fact, while I had known about a lot of shady **** from working in ISPs that was going on, that one job is what made me begin to question everything and distrust absolutely everything. Not in a tinfoil way, but in the realest sense.



C'est toute .. not really my area ... you be the judge ...

Even in this year of conspiracies and intrigue, that post has my mind reeling.

Can I ask where you picked up this conversation? If you can't say that's fine, but if so, it would be good to know how much weight you attach to the source?

Journeyman i will PM you

as to the veracity of the information, it isn't my area, but i figured there were some here like TargetT who are very familiar and could easily dispel or verify

Posted by TargeT (here)

Posted by pueblo (here)
Again, unsubstantiated..

I can definitively tell you this is not the case, I work on that and higher clas networks every day... nothing is any different today, every system is nominal and has been since I accepted this position.

if not, i can look into it further. I have a friend who for whatever reason IT is his thing, even though he's part of Springstein's organization. many may not know Springstein had a direct line to Hussein as in relationship provided access ...

We bonded during the Occupy days and it was my friend who was the voice of reason when a group of us were OUTRAGED when Hussein passed Indefinite Detention and we were prepared to take action and actually file articles to impeach the (traitor) congressmen in the 9 or 18 states that permitted it. TREASON, was going to be specifically cited ....

Emotions ran high at the betrayal, it was momentous and would have been historically significant ... my friend also explained the personal ramifications for each of us, but we only backed down when Oathkeepers took center stage and there were reasons we wanted distance at the time

either way? WE the People, were NOT going to "quietly accept" nor be "compliant" and "obedient" ... and it's possible that got communicated ...

few realize how very narrowly we escaped martial law at THAT time, and the present scenario is giving me "flashbacks" and has me a bit on guard as i see a call go out for what i once opposed so vehemently ...

the difference is fewer then knew to be guarded, NOW? the call for FREEDOM is being demanded by MILLIONS ... 75 million i believe ...

still, this particular issue? is on my radar and most certainly they are upping the ante. .. and i suspect THIS will be brought to the spotlight in the very near future

it is an ideal candidate to be the next "excuse" for outages and all manner of distressing scenarios whose objective will be intrusive measures of control that would otherwise be unacceptable and considered reprehensible but the people will be prone to accept to alleviate the issues that will be manufactured ...

i'm looking for a tweet i saw last night that had a Senator tell the Senate, i believe, that 75 million people will NOT be silenced ...

such a comforting thought to fall asleep to!

UPDATE ... found it!

if tweet does not show? here is the link, it is just a minute long, and i think we could all use hearing this right now ...

https://twitter.com/TheSharpEdge1/st...74402018385920

TargetT? your thoughts? (on the info the source provided)

[apokalypse]

this whole **** is weird and seems planned...for months there's talked about EO 2018 regarding foreign election interference, hunter biden stories got killed but recently after election especially recent week Chinese stories popup and those stories have known also Hunter Biden Popup agian, DNI came out saying Chinese/Russia/Iran ...i was expect something about foreigner popup and did occur what we seeing now Hacking from foreign countries.

i really don't know but whole event so perfectly fit together for their MAIN AGENDA whatever that is...the timing of it all.

My point is this cyber attack isn't surprise at all from all the things happening right now...

[sunwings]

This is the No.1 news story on the BBC this morning...

US cyber-attack: US energy department confirms it was hit by Sunburst hack

The US energy department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the US government.

The department is responsible for managing US nuclear weapons, but said the arsenal's security had not been compromised.

Tech giant Microsoft also said on Thursday that it had found malicious software in its systems.

Many suspect the Russian government is responsible. It has denied the claims.

The treasury and commerce departments are among the other agencies targeted in the sophisticated, months-long breach.

https://www.bbc.com/news/world-us-canada-55358332

[Bill Ryan]

Posted by onawah (here)

“Next Crisis Bigger than COVID” – Power Grid/Finance Down – WEF’s Cyber Polygon – Nov 15, 2020

Source: https://youtube.com/watch?v=tSuCuoQxI20

Bumping this short 14 min video from Christian Westbrook, the Ice Age Farmer. He's very smart, articulate, concise, cogent, and dead right about what he sees.

A 'Cyberpandemic' is the perfect knockout punch to follow the pummeling from all the Covid lockdowns and small business bankruptcies. The remedy? Global government, with an iron fist. (Trump is in the way, of course, but that's not for this thread.)

And we're being TOLD what's being planned to happen.

[pueblo]

A cyber attack of "grave, grave danger"... ."almost like a prelude to war"...

[TargeT]

Posted by iota (here)
TargetT? your thoughts? (on the info the source provided)

Grandstanding soapbox abuse...

there were no teeth in that speech.... just words.

[Kryztian]

The mainstream media already has a political spin on the : it's the Russians:

Suspected Russian hack is much worse than first feared: Here’s what you need to know

• The U.S. Cybersecurity and Infrastructure Security Agency said the threat “poses a grave risk to the federal government.”
• CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.
• It’s not clear exactly what the hackers have done beyond accessing top-secret U.S. government networks and monitoring data.

CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.

“The magnitude of this ongoing attack is hard to overstate,” former Trump Homeland Security Advisor Thomas Bossert said in a piece for The New York Times on Thursday. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”

Russian presidential spokesman Dmitry Peskov rejected the accusations, according to the Tass news agency.

“Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away,” he told Tass. “We have nothing to do with this.”

from: https://www.cnbc.com/2020/12/18/susp...st-feared.html

And who does this news story point out is the big victim of the attack, you might ask??? Well, America's most beloved boy billionaire, Bill Gates:

Microsoft customers targeted

Microsoft was hacked in connection with the attack on SolarWinds’ widely used management software, Reuters reported Thursday.

Like with the cyberattack of SolarWinds, hackers infiltrated Microsoft products and then went after others, Reuters said, citing people familiar with the matter.

“We have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data,” a Microsoft spokesperson said in a statement shared with CNBC.

If our televisions will still work, it looks like we are going to be seeing a lot of Mr. Gates on the media.

Amazing how quickly the media has figured out that the Russians are behind this, just like they all had our attention turned to Osama bin Laden as the perpetrator behind the 9/11 attacks.

[Elainie]

Posted by Kryztian (here)
The mainstream media already has a political spin on the : it's the Russians:

Suspected Russian hack is much worse than first feared: Here’s what you need to know

• The U.S. Cybersecurity and Infrastructure Security Agency said the threat “poses a grave risk to the federal government.”
• CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.
• It’s not clear exactly what the hackers have done beyond accessing top-secret U.S. government networks and monitoring data.

CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.

“The magnitude of this ongoing attack is hard to overstate,” former Trump Homeland Security Advisor Thomas Bossert said in a piece for The New York Times on Thursday. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”

Russian presidential spokesman Dmitry Peskov rejected the accusations, according to the Tass news agency.

“Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away,” he told Tass. “We have nothing to do with this.”

from: https://www.cnbc.com/2020/12/18/susp...st-feared.html

And who does this news story point out is the big victim of the attack, you might ask??? Well, America's most beloved boy billionaire, Bill Gates:

Microsoft customers targeted

Microsoft was hacked in connection with the attack on SolarWinds’ widely used management software, Reuters reported Thursday.

Like with the cyberattack of SolarWinds, hackers infiltrated Microsoft products and then went after others, Reuters said, citing people familiar with the matter.

“We have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data,” a Microsoft spokesperson said in a statement shared with CNBC.

If our televisions will still work, it looks like we are going to be seeing a lot of Mr. Gates on the media.

Amazing how quickly the media has figured out that the Russians are behind this, just like they all had our attention turned to Osama bin Laden as the perpetrator behind the 9/11 attacks.

Russians are always the culprit hahah. So funny and yet the populace eats this up.

[TargeT]

Posted by Kryztian (here)
Amazing how quickly the media has figured out that the Russians are behind this, just like they all had our attention turned to Osama bin Laden as the perpetrator behind the 9/11 attacks.

China must be terrified of russia to push them as the boogyman so hard in our media like this (I mean come on, we all know that's basically what's happening by now).

[Kryztian]

CozyBear strikes again!

From the Washington Post: https://www.washingtonpost.com/natio...781_story.html

(Posting whole story since it is behind a paywall).



Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce

Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.

Officials were scrambling over the weekend to assess the nature and extent of the intrusions and implement effective countermeasures, but initial signs suggested the breach was long-running and significant, the people familiar with the matter said.

The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service, the SVR, and they breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration.

The FBI is investigating the campaign, which may have begun as early as spring, and had no comment Sunday. The victims have included government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East, according to FireEye, a cyber firm that itself was breached.

The Russian Embassy in Washington on Sunday called the reports of Russian hacking “baseless.” In a statement on Facebook it said, “attacks in the information space contradict” Russian foreign policy and national interests. “Russia does not conduct offensive operations” in the cyber domain.

All of the organizations were breached through the update server of a network management system made by the firm SolarWinds, FireEye said in a blog post Sunday.

The federal Cybersecurity and Infrastructure Security Agency issued an alert Sunday warning about an “active exploitation” of the SolarWinds Orion Platform, from versions of the software released in March and June. “CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures,” the alert said.

SolarWinds said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously weaponized in a “highly-sophisticated, targeted . . . attack by a nation state.”

The company filed a document Monday with the Securities and Exchange Commission saying that “fewer than 18,000” of its more than 300,000 customers may have installed a software patch enabling the Russian attack. It was not clear, the filing said, how many systems were actually hacked. The corporate filing also said that Microsoft’s Office 365 email may have been “an attack vector” used by the hackers.

Microsoft said in a blog post Sunday that it had not identified any Microsoft product or cloud service vulnerabilities in its investigation of the matter.

The scale of the Russian espionage operation appears to be large, said several individuals familiar with the matter. “This is looking very, very bad,” said one person. SolarWinds products are used by organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.

Its clients also include the top 10 U.S. telecommunications companies.

“This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed,” said John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy. “When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.”

Russian spies believed to have hacked FireEye

FireEye reported last week that it was breached and that hacking tools it uses to test clients’ computer defenses were stolen. The Washington Post reported that APT29 was the group behind that hack. FireEye and Microsoft, which were investigating the breach, discovered the hackers were gaining access to victims through updates to SolarWinds’ Orion network monitoring software, FireEye said in its blog post, without publicly naming the Russians.

Reuters first reported the hacks of the Treasury and Commerce departments Sunday, saying they were carried out by a foreign government-backed group. The SVR link to the broader campaign was previously unreported.

The matter was so serious that it prompted an emergency National Security Council meeting on Saturday, Reuters reported.

“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot. He did not comment on the country or group responsible.

At Commerce, the Russians targeted the National Telecommunications and Information Administration, an agency that handles Internet and telecommunications policy, Reuters reported. They have also been linked to attempts to steal coronavirus vaccine research.

U.S., Britain and Canada say Russian spies are trying to steal coronavirus vaccine research

In 2014 and 2015, the same group carried out a wide-ranging espionage campaign that targeted thousands of organizations, including government agencies, foreign embassies, energy companies, telecommunications firms and universities.

As part of that operation, it hacked the unclassified email systems of the White House, the Pentagon’s Joint Chiefs of Staff and the State Department.

“That was the first time we saw the Russians become much more aggressive, and instead of simply fading away like ghosts when they were detected, they actually contested access to the networks,” said Michael Daniel, who was White House cybersecurity coordinator at the time.

One of its victims in 2015 was the Democratic National Committee. But unlike a rival Russian spy agency, the GRU, which also hacked the DNC, it did not leak the stolen material. In 2016, the GRU military spy agency leaked hacked emails to the online anti-secrecy organization WikiLeaks in an operation that disrupted the Democrats’ national convention in the midst of the presidential campaign.

The SVR, by contrast, generally steals information for traditional espionage purposes, seeking secrets that might help the Kremlin understand the plans and motives of politicians and policymakers. Its operators also have filched industrial data and hacked foreign ministries.

Because the Obama administration saw the APT29 operation as traditional espionage, it did not consider taking punitive measures, said Daniel, who is now president and chief executive of the Cyber Threat Alliance, an information-sharing group for ­cybersecurity companies.

“It was information collection, which is what nation states — including the United States — do,” he said. “From our perspective, it was more important to focus on shoring up defenses.”

But Chris Painter, State Department cyber coordinator in the Obama administration, said even if the Russian campaign is strictly about espionage and there’s no norm against spying, if the scope is broad there should be consequences. “We just don’t have to sit still for it and say ‘good job,’ ” he said.

Sanctions might be one answer, especially if done in concert with allies who were similarly affected, he said. “The problem is there’s not even been condemnation from the top. President Trump hasn’t wanted to say anything bad to Russia, which only encourages them to act irresponsibly across a wide range of activities.”

At the very least, he said, “you’d want to make clear to [Russian President Vladimir] Putin that this is unacceptable — the scope is unacceptable.”

So far there is no sign that the current campaign is being waged for purposes of leaking information or for disruption of critical infrastructure, such as electric grids.

SolarWinds’ monitoring tool has extremely deep “administrative” access to a network’s core functions, which means that hacking the tool would allow the Russians to freely root around victims’ systems.

APT29 compromised SolarWinds so that any time a customer checked in to request an update, the Russians could hitch a ride on the weaponized update to get into a victim’s system. FireEye dubbed the malware that the hackers used “Sunburst.”

“Monday may be a bad day for lots of security teams,” tweeted Dmitri Alperovitch, a cybersecurity expert and founder of the Silverado Policy Accelerator think tank.

[iota]

Posted by TargeT (here)

Posted by iota (here)
TargetT? your thoughts? (on the info the source provided)

Grandstanding soapbox abuse...

there were no teeth in that speech.... just words.

so to be CLEAR you are saying the following points have NO merit? .. there were many points covered,] each having its own importance, if you don't mind expanding a tad bit more ... let's just go with paragraph #1 to start:

Posted by iota (here)

I'm an actual security expert. The SolarWinds hack happened in the Spring. (Mar-June) and began when SolarWinds itself was infiltrated and the code was signed. That meant everyone got hit with the updates that contained it. It has been everywhere for months, while it is still a vulnerability for a lot of places with lax update schedules, the order was for all government agencies to be mitigated by 12 EST today. A lot of corporations were also reacting after the weekend and after guidance late yesterday and early today and were taking outages to fix it.

...

I'm an actual security expert. The SolarWinds hack happened in the Spring. (Mar-June) and began when SolarWinds itself was infiltrated ,

1.) Timing (March) coinciding with announcement of COVID (announcement because many of us got it in January) (thankfully prepared for it in October of 2019)

2.) SolarWinds itself being infiltrated ~ it's going to make a HUGE difference in which rabbit hole to follow whether SolarWinds itself was an unknowing/uninvolved agent (victim) or the perpetrator itself.

i can go with victim ... why? ... the spin and focus of attention already pointing to its "connections" to Hussein and Hillary etc. pretty much where focus is directed? ... then that is what i ignore

are you familiar with SolarWinds? are they friendly? neutral? or suspect?

and the code was signed. That meant everyone got hit with the updates that contained it

the code signature IS of huge significance , so you're saying that's invalid? that it would NOT have gotten spread through the updates?

It has been everywhere for months,

months? we have not seen major OR even "minor" disruptions in months.. that being the case? if we start to see them now, AFTER their announcement? guess who is suspect now, (blaming the hack, of course) in my eyes ...

is that an erroneous conclusion to draw?

while it is still a vulnerabilityy for a lot of places with lax update schedules,

deduction: ONLY in a few places, the vast majority have been cleaned up

that being the case?
ALL major crap that follows? is manufactured and this is their scapegoat.

the order was for all government agencies to be mitigated by 12 EST today.

even this being HUGE latitude to "ix" a problem they were WELL aware of being a potential point of exploit and failing to take the necessary precautionary steps to avoid or having a sound plan in place to mitigate effects

much like the fact WE ALL KNEW fraud WOULD be attempted in the elections and failing to have even simple cameras in place (like 100 of them in case 1 was discovered) and have solid undeniable assurances in place, the situation could and WOULD be "handled". NO ONE was surprised it happened, the surprise is the failure in preparedness and response ... EXACTLY the SAME scenario HERE it would appear

it is PAST the deadline ... have you heard NOTHING of this TargetT? and deadline being past?
is it or is it not yet "handled"

A lot of corporations were also reacting after the weekend and after guidance late yesterday and early today and were taking outages to fix it.

for "guidance" to be "given"? one has to have mastered the situation, or at least come up with a viable solution.

i'm sorry, once again, the utter and complete failure to both PLAN and PREPARE for as well as have a SOLUTION to problems that are KNOWN to be PROBABILITIES (not just possibilities) makes the supposed experts involved look completely inept

actual morons

none should be at the position they are. not in charge of a play pen full of puppies, much less a nation

one is a mistake, THIS is turning into a PERPETUAL PATTERN

that was just first paragraph, so gonna need a bit more reason and explanation to blanket discount the WHOLE narrative ...

thanks in advance


PS and know this, if you cross me? i WILL go get your hat just fyi

[TargeT]

Posted by iota (here)

so to be CLEAR you are saying the following points have NO merit?

I'm saying there's no clear outcome, there's no actionable items....I'm not discounting the veracity of the information; more the format of it...


This was a big "hack" but it only effected our unclassified networks.. which we almost don't even care about.

there's a lot of hype right now..

it is PAST the deadline ... have you heard NOTHING of this TargetT?

its a deadline with almost no consequences... there's nothing happening here but some talking; that's what I am trying to say.


we really need that report published.

[iota]

Posted by TargeT (here)

Posted by iota (here)

so to be CLEAR you are saying the following points have NO merit?

I'm saying there's no clear outcome, there's no actionable items....I'm not discounting the veracity of the information; more the format of it...


This was a big "hack" but it only effected our unclassified networks.. which we almost don't even care about.

there's a lot of hype right now..

it is PAST the deadline ... have you heard NOTHING of this TargetT?

its a deadline with almost no consequences... there's nothing happening here but some talking; that's what I am trying to say.


we really need that report published.

ok ... got it

then you misunderstood the initial question

i was not asking about the format, i was specifically asking about the veracity of the information

so thanks for your response



(and your hat remains safe .... for now ... (wink))