Roscoe B Davis🎖⭐️⭐️⭐️
Question did @TuckerCarlson or @seanhannity or @IngrahamAngle even mention or dedicate a news block to what is quite possibly on of the largest hacks in US History?
This hack involves our financial infrastructure our Military Defense systems including our only dual nuclear AFB at Kirkland.
What the hell is going on with the blackout of even mentioning it outside of Digital media outlets?
FireEye got compromised first & haven’t explicitly stated it, but the timing ain’t a coincidence. Based on the “highly sophisticated, manual supply chain attack”, it sounds like they had someone inside slipping something extra into their patches.
“Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor “
“Infected SolarWinds Updates Used To Compromise Multiple Organizations: FireEye”
https://www.crn.com/news/security/infected-solarwinds-updates-used-to-compromise-clients-fireeye
FireEye says it was SolarWINDS & vise versa, so no one is owning it just blaming the other. Bottom line this falls at the feet of a complacent DHS/CISA. Krebs was fired far too late.
We won’t know the far reaching impact until all of those companies start doing audits. Step one is stopping the vulnerability, step 2 will be forensics to see if anything got exfiltrated/compromised.
Also depends on the intent of the controller. With it being currently designated as nation-state, it’s a big unknown. They could have had a specific target in mind (like FireEye), or they could just be seeing what they could get.
What’s this mean for the average Joe?
Unknown what the exposure is yet.
I would suggest to keep a close eye on your finances for a bit until this is nailed down, because the financial infrastructure was hit hard.
Expect telecommunication patches soon.
Pretty much, the threat actors cycles have probably run and they got everything they needed. But this was a extremely effective supply chain attack that probably allowed them to monitor email accounts for months.
“Suspected Russian hackers spied on U.S. Treasury emails - sources”
https://www.reuters.com/article/us-usa-cyber-treasury-exclusive-idUSKBN28N0PG
Will take a long time to understand the extent of the information that they got. But if they were in the treasury and commerce departments, it’s a fair bet they’re trying to do something bigger than just steal random data from companies.
Likely looking to manipulate the value of currency or a particular commodity, or looking for leverage into the current & new administration.
The DOD targets affected are far more scary. DOD is recommending all devices be rebuilt. This means routers, core switches & firewalls
For commercial infrastructure you’re looking more at modifying various credential sets. The companies out there who were lax with internal security protocols are feeling the heat because of how this compromise is operating, and how long of a window this thing has had to operate.
Another interesting read, seems attackers were able to bypass MFAs.
Bottom line folks just keep an eye on your finances and if your banking institution has unusual activity filters be sure you have them turned up and active. Cheap protection insurance might not be a bad idea for a few months. Lotta deals out there with 90 day free trials.
https://threadreaderapp.com/thread/1338815027906813952.html
https://twitter.com/RoscoeBDavis1/status/1338815027906813952
Sorry if this has already been posted:
Mark Finchem
@MarkFinchem
SUBPOENAS ISSUED! Forensic Audit to be completed -
https://twitter.com/MarkFinchem/status/1338863322641309701?s=20
Thanks, Gran.
Great info, from Roscoe, there.
I guess he’s talking about LifeLock or something similar, for the cheap (90 day trial) insurance??