The sophistication of this hack and the clever ways it used to mask its activities and avoid detection has never been seen before according to FireEye analysts. They were able to inject malware into a digitally signed DLL within the SolarWinds download without triggering any key mismatch alerts. They placed code in memory that used the actual admin credentials to traverse servers, extract and move files, and use the backdoor server HTTP parameters to control the malware code.
Anybody that can do this is an expert at exploiting Microsoft’s core. Could this be an insider hack that is supporting a foreign agency? Maybe this is why IT pros that have to build truly secure systems for the government stick with Linux at least for the trusted infrastructure.
Don't think that's the case. Over a year ago SolarWinds was warned about lax security on their dev system and they ignored the warning. Someone went in and simply added the backdoor to their software as part of the normal dev and distribution process.
They placed code in memory that used the actual admin credentials to traverse servers
Yes, once they were in, their actions and movements were very sophisticated, including stealing passwords (not difficult) and bypassing second factor authentication (difficult). It shows how truly worthless all the security theatre is, like "complex" passwords, constantly updating passwords, second factor, etc. It's all unscientific crap.
Didn’t Microsoft give China its source code a while back? 🤔
Anybody that can do this is an expert at exploiting Microsoft’s core. Could this be an insider hack that is supporting a foreign agency?
will be waiting for the answer