NEW - @CISAgov just issued a new alert and warns of "grave risk" from the @solarwinds attack.https://t.co/6hJ9dDSVBn pic.twitter.com/A7cGD7doku— Disclose.tv 🚨 (@disclosetv) December 17, 2020
NEW - @CISAgov just issued a new alert and warns of "grave risk" from the @solarwinds attack.https://t.co/6hJ9dDSVBn pic.twitter.com/A7cGD7doku— Disclose.tv 🚨 (@disclosetv) December 17, 2020
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
Excerpt:
SolarWinds Orion Supply Chain Compromise SolarWinds Orion is an enterprise network management software suite that includes performance and application monitoring and network configuration management along with several different types of analyzing tools. SolarWinds Orion is used to monitor and manage on-premise and hosted infrastructures. To provide SolarWinds Orion with the necessary visibility into this diverse set of technologies, it is common for network administrators to configure SolarWinds Orion with pervasive privileges, making it a valuable target for adversary activity.
The threat actor has been observed leveraging a software supply chain compromise of SolarWinds Orion products[2] (see Appendix A). The adversary added a malicious version of the binary solarwinds.orion.core.businesslayer.dll into the SolarWinds software lifecycle, which was then signed by the legitimate SolarWinds code signing certificate. This binary, once installed, calls out to a victim-specific avsvmcloud[.]com domain using a protocol designed to mimic legitimate SolarWinds protocol traffic. After the initial check-in, the adversary can use the Domain Name System (DNS) response to selectively send back new domains or IP addresses for interactive command and control (C2) traffic. Consequently, entities that observe traffic from their SolarWinds Orion devices to avsvmcloud[.]com should not immediately conclude that the adversary leveraged the SolarWinds Orion backdoor. Instead, additional investigation is needed into whether the SolarWinds Orion device engaged in further unexplained communications. If additional Canonical Name record (CNAME) resolutions associated with the avsvmcloud[.]com domain are observed, possible additional adversary action leveraging the back door has occurred.
https://freerepublic.com/focus/news/3916482/posts?page=1
(CISA Alert (AA20-352A)) Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
us-cert.cisa.gov ^ | 12/17/2020 | CISA
“NEW - @CISAgov just issued a new alert and warns of “grave risk”
**************
It’s mentioned as a grave risk to not only .gov but to infrastructure as well.
I wonder if the threat is that if Trump tries something drastic to stop the steal, then CCP takes down the power grid or other essential infrastructure.