Anonymous ID: 945fe7 Dec. 14, 2020, 5:45 a.m. No.12020179   >>0231 >>0252 >>0390 >>0423 >>0560 >>0593 >>0683 >>0821

https://www.theregister.com/2020/12/14/solarwinds_fireeye_cozybear/

This situation is properly scary because a supply chain attack that poisons product updates issued by a major security vendor suggests that Cozy Bear could be deep inside all sorts of systems and vendors. If that doesn't scare you, maybe SolarWinds' customer list will:

More than 425 of the US Fortune 500

All of the top 10 US telecommunications companies

All five branches of the US military

The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States

All of the top five US accounting firms

Former US Cybersecurity and Infrastructure Security Agency head Chris Krebs suggested the attack has likely been under way for months, but that it should be possible to contain.

"If you're a SolarWinds customer & use the below product, assume compromise and immediately activate your incident response team," he advised. "Odds are you're not affected, as this may be a resource intensive hack. Focus on your Crown Jewels. You can manage this."

FireEye has posted an analysis of the flaw in SolarWinds code that says the problem is present in a file called SolarWinds.Orion.Core.BusinessLayer.dll, which it describes as a "digitally-signed component of the Orion software framework that contains a backdoor that communicates via HTTP to third party servers."

FireEye says that once the .dll reaches a machine it remains dormant for up to two weeks, but then comes to life and "retrieves and executes commands, called 'Jobs', that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services."

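Added example (not from the post above, The Register or FireEye): the FireEye description boils down to an Orion server making HTTP requests to servers it has no reason to contact, so one practical check is to pull the proxy or firewall logs for the Orion host(s), drop anything going to the destinations it legitimately needs, and look at what is left. The Python below does that over constructed sample log lines; the log format, IP addresses, hostnames and the allowlist are assumptions for the demonstration, not from the page. Because the DLL can stay dormant for up to two weeks, the lookback window needs to be at least that long.

```python
"""Flag outbound HTTP from a SolarWinds Orion server to hosts it has no
business contacting, and summarise the timing of what is flagged.

Added example for illustration only; it is not code from the original post,
from FireEye or from SolarWinds. Log format, IP addresses, hostnames and the
allowlist are all constructed assumptions for this demonstration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed: addresses of the Orion polling engine(s) (constructed).
ORION_HOSTS = {"10.0.5.20"}

# Assumed: destinations the Orion server legitimately needs (constructed;
# in practice derive this from your own egress policy and change records).
EGRESS_ALLOWLIST = {"downloads.solarwinds.com", "customerportal.solarwinds.com"}

# Constructed proxy log, one request per line:
#   <ISO-8601 time> <src-ip> <method> <dst-host> <path> <status>
SAMPLE_LOG = """\
2020-12-01T02:00:03Z 10.0.5.20 GET downloads.solarwinds.com /updates/manifest.xml 200
2020-12-01T02:14:11Z 10.0.5.20 GET cdn.example-third-party.net /api/poll 200
2020-12-01T02:29:40Z 10.0.5.20 GET cdn.example-third-party.net /api/poll 200
2020-12-01T02:44:58Z 10.0.5.20 GET cdn.example-third-party.net /api/poll 200
2020-12-01T03:00:22Z 10.0.5.20 PUT cdn.example-third-party.net /api/upload 200
2020-12-01T03:05:00Z 10.0.9.77 GET www.example.org /index.html 200
"""


def parse_line(line):
    """Split one log line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "src": parts[1], "method": parts[2],
            "host": parts[3].lower(), "path": parts[4], "status": parts[5]}


def find_unexpected_egress(log_text, orion_hosts=ORION_HOSTS,
                           allowlist=EGRESS_ALLOWLIST):
    """Return requests from an Orion host to any destination not on the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] not in orion_hosts:
            continue
        if rec["host"] not in allowlist:
            hits.append(rec)
    return hits


def summarize_beacons(hits):
    """Per destination host: request count and how regular the gaps are.

    A run of near-identical intervals is the shape a scheduled poll for
    'Jobs' would leave; a single unexpected request still deserves a look.
    """
    by_host = defaultdict(list)
    for rec in hits:
        by_host[rec["host"]].append(rec["ts"])
    out = {}
    for host, stamps in by_host.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        out[host] = {
            "count": len(stamps),
            "mean_interval_s": mean(gaps) if gaps else None,
            "interval_stddev_s": pstdev(gaps) if gaps else None,
        }
    return out


if __name__ == "__main__":
    flagged = find_unexpected_egress(SAMPLE_LOG)
    for rec in flagged:
        print(f"{rec['ts'].isoformat()} {rec['src']} -> {rec['method']} "
              f"{rec['host']}{rec['path']}")
    for host, stats in summarize_beacons(flagged).items():
        print(host, stats)
```

On the constructed log this flags the four requests to cdn.example-third-party.net (roughly 15 minutes apart, plus one upload) and ignores the workstation at 10.0.9.77. Treat a hit as a lead for the incident response team, not a verdict: the allowlist is only as good as your knowledge of what the Orion server is supposed to reach.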
Anonymous ID: 945fe7 Dec. 14, 2020, 6:22 a.m. No.12020483   >>0504 >>0560 >>0586 >>0593 >>0683 >>0821

SolarWinds used on Dominion portal sign-in

https://dvsfileshare.dominionvoting.com/Web%20Client/Mobile/MLogin.htm

https://www.solarwinds.com/?CMP=PRD-TAD-SW-MFT_INPRD-MFT-PP

https://www.solarwinds.com/securityadvisory

SolarWinds Security Advisory

SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack. We recommend taking the following steps related to your use of the SolarWinds Orion Platform.

We are recommending you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.

An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements.
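Added example (not SolarWinds tooling and not from the post above): the advisory gives an affected range, 2019.4 HF 5 through 2020.2.1, so the first job for anyone running more than one Orion server is to turn an inventory of version strings into a list of hosts inside that range. The Python below parses Orion-style version strings ("2019.4 HF 5", "2020.2.1 HF 1") into comparable tuples and triages a constructed inventory. The inventory is made up; the range and the fixed releases come from the advisory text. One assumption is that a hotfix number sorts within its base release, so 2020.2.1 HF 1 counts as newer than 2020.2.1.

```python
"""Triage an Orion Platform inventory against the version range the
SolarWinds advisory names as affected: 2019.4 HF 5 through 2020.2.1.

Added example, not SolarWinds tooling. The host inventory is constructed;
the version range and the fixed releases (2020.2.1 HF 1, 2020.2.1 HF 2)
come from the advisory text. Assumption: a hotfix number sorts within its
base release, so 2020.2.1 HF 1 is newer than 2020.2.1.
"""
import re

# "<year>.<major>[.<minor>][ HF <n>]", e.g. "2019.4 HF 5" or "2020.2.1"
VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_orion_version(text):
    """Return (year, major, minor, hotfix) so tuples compare in release order."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    year, major, minor, hotfix = m.groups()
    return (int(year), int(major), int(minor or 0), int(hotfix or 0))


AFFECTED_LOW = parse_orion_version("2019.4 HF 5")   # first affected build per advisory
AFFECTED_HIGH = parse_orion_version("2020.2.1")     # last affected build per advisory
FIXED_RELEASES = ("2020.2.1 HF 1", "2020.2.1 HF 2")  # releases the advisory points to


def in_affected_range(version_text):
    """True when the version falls inside the advisory's affected range (inclusive)."""
    return AFFECTED_LOW <= parse_orion_version(version_text) <= AFFECTED_HIGH


def triage(inventory):
    """Map each host to 'affected', 'not-in-range' or 'unparseable'.

    'not-in-range' means only that the currently installed build is outside
    the advisory's range; it says nothing about what the host ran earlier.
    """
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if in_affected_range(version) else "not-in-range"
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed inventory: hostname -> Orion Platform version as reported by the host.
SAMPLE_INVENTORY = {
    "orion-poller-01": "2019.4 HF 5",
    "orion-poller-02": "2020.2",
    "orion-web-01": "2019.4 HF 4",
    "orion-poller-03": "2020.2.1 HF 1",
    "orion-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:16} {SAMPLE_INVENTORY[host]:14} {verdict}")
```

A host that comes back "not-in-range" is not thereby clean: if it ever ran one of the affected builds, Krebs' advice in the first post (assume compromise, activate incident response) still applies, and the upgrade path the advisory gives is HF 1 now and HF 2 when it ships.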