Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: nfldgirl; FreedomPoster

Microsoft, FireEye confirm SolarWinds supply chain attack: Known victims so far include the US Treasury, the US NTIA, and FireEye itself

https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/

A hack initially corrupted a Solarwinds file, after which, that corrupted Solarwinds file had been installed on various Windows OS based machines as a part of routine updating.

The hacked file hatches, you might say, active hack commands that find certain files and deletes those certain files.

The hack tries to hide its tracks, and then force a reboot of the Windows OS based machine.

It is a cover-up.


37 posted on 12/14/2020 7:03:13 AM PST by linMcHlp
[ Post Reply | Private Reply | To 9 | View Replies ]

To: linMcHlp
The hack tries to hide its tracks, and then force a reboot of the Windows OS based machine.

If the affected Windows machine has event logging enabled and those logs are sent elsewhere, clearing the log and rebooting the machine does no good.

I can tell you factually that every single one of our Windows Desktops and Servers sends their logfiles to a secure event logging solution where those logfiles cannot be manipulated or deleted.

It doesn't take much to then filter through the events to see what's happened/happening with any of our Windows (and Linux) serers, of which there are about 16,000 total.

40 posted on 12/14/2020 7:17:15 AM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 37 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson