Free Republic

UPDATED: The seized domain has been turned into a killswitch to prevent the SolarWinds hackers to escalate infections and make new victims. Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter. The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app. SolarWinds Orion updates versions 2019.4 through 2020.2.1, released between March 2020 and June...

President Donald Trump suggested on Twitter that China ‘may be’ responsible for the recently announced SolarWinds cyber attack, adding that “Russia, Russia, Russia is the priority chant” when anything happens, because mainstream media outlets have “financial reasons” to not cover China’s potential involvement.President Trump also said that the cyber attack could have impacted “our ridiculous voting machines” during the 2020 US election, adding that the election was a “corrupted embarrassment for the USA.”This comes after several days of the mainstream media repeatedly blaming Russia or Russian actors for the devastating attack. ….discussing the possibility that it may be China (it...

The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated. The Cybersecurity and Infrastructure Security Agency said in a summary Thursday that the threat “poses a grave risk to the federal government.” It added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk. CISA believes the attack began at least as early as March. Since then, multiple government agencies have reportedly been targeted by the hackers, with confirmation from the Energy and Commerce departments so far.

FireEye has uncovered a widespread campaign, that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWind’s Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.

If we get the Dominion-SolarWinds MOAB, even John Roberts can’t cover it up Supreme Court Chief Justice John Roberts appears to be against us. By “us,” I mean the majority of American people who support President Trump and believe that the 2020 election was fraudulently manipulated to change the righteous results. But there’s hope that goes beyond the power the Chief Justice has. It’s more powerful than mainstream media, Big Tech, the Democratic Party, and cowardly Republicans on Capitol Hill. Technically, there are two things that are more powerful. The first is the “MOAB” – the Mother Of All Bombshells,...

WASHINGTON — Over the past few years, the U.S. government has spent tens of billions of dollars on cyberoffensive abilities, building a giant war room at Fort Meade, Maryland, for U.S. Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation’s enemies from picking its networks clean, again.

Microsoft was breached in the massive suspected Russian campaign that has hit multiple U.S. government agencies, including those responsible for maintaining America's nuclear weapons stockpile, according to people familiar with the matter. The sprawling attack, which targeted critical government infrastructure using a Trojan horse hidden in network management software from SolarWinds Corp, also compromised broad swathes of the private sector, likely including most of the Fortune 500, it emerged on Thursday. Officials say the attack went undetected for nearly nine months, allowing the hackers free range in the affected agencies and companies, and that the true scale of the stolen...

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations. One of...

At the worst possible time, when the United States is at its most vulnerable — during a presidential transition and a devastating public health crisis — the networks of the federal government and much of corporate America are compromised by a foreign nation. We need to understand the scale and significance of what is happening. Last week, the cybersecurity firm FireEye said it had been hacked and that its clients, which include the United States government, had been placed at risk. This week, we learned that SolarWinds, a publicly traded company that provides software to tens of thousands of government...

FOR IMMEDIATE RELEASE ODNI News Release No. 44-20 Dec. 16, 2020 Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of...

Who owns SolarWinds? This is a good question due to the complicated sales and purchases of related companies and individual owners over the past few years. Per our research, the owners of SolarWinds are related to the Clintons and companies that verify elections in the US. ... In summary The owners of SolarWinds are closely related to Obama and the Clintons. The they also are heavily in the election business and have relations with companies and individuals in China and Hong Kong.

I’ll take the Dominion perjuroni with extra cheese please!Dominion CEO states in Michigan hearing today that his company has never used Solarwinds. Pro tip: If you’re gonna remove the Solarwinds logo from your website, make sure you remove it from source code! Hat tip to TheDonald.win

The World Economic Forum proclaimed Cyberpandemic has begun: defense, power, water, finance, and our supply chain are all vulnerable to massive disruptions after FireEye & SolarWind have unleashed weapons of mass digital destruction AND unlocked the back doors of governments, militaries, and nearly the entire Fortune 500.Christian breaks it down, and asks: "Who stands to benefits from this Cyberpandemic?" in this Ice Age Farmer broadcast. https://youtu.be/oe3y-OdNSsw

The CEO of Dominion Voting Systems on Tuesday said the company has never used a platform that experts believe was breached by hackers as far back as last year.“We don’t use the SolarWinds Orion package that was the subject of the DHS report from the 13th,” CEO John Poulos told legislators in Michigan via video link.However, a screenshot of a Dominion webpage that The Epoch Times captured shows that Dominion does use SolarWinds technology. Dominion later altered the page to remove any reference to SolarWinds, but the SolarWinds website is still in the page’s source code.SolarWinds’s technology was exploited by...

Computer expert Andrew Morris says he downloaded the infected installer from SolarWinds Orion and found the “backdoor” is still contained on the installer on SolarWinds’ website. Morris is the founder of GreyNoise, a cyber security firm that specializes in finding comprised devices and detecting internet threats. SolarWinds Orion is part of the SolarWinds suite of network and computer management tools used by the US government. Reports indicate that someone, possible Russia, managed to modify SolarWinds Orion in the spring of this year. The modification created a “backdoor” which allowed the hacker to spy on numerous government agencies, including the Treasury,...

A hack. A raid. A series of curious events that all seem to tie back to one company: Dominion Voting Systems. The company at the heart of voter fraud allegations across the country and particularly in contested states may have been exposed despite all of their best efforts. How? Through SolarWinds Orion. Why? Because the Russians, God, or both are helping us out.That’s the premise. Here are the facts. SolarWinds Orion is the company whose security software was hacked this weekend, allegedly by Russians. Major but conspicuously mundane companies and government agencies were among those affected. They were raided today...

Last night the Cybersecurity and Infrastructure Security Agency (CISA) issued a rare Emergency Directive 21-01, in response to a KNOWN COMPROMISE involving SolarWinds Orion products. This was only the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. CISA reported a breach of the SolarWinds Orion products. This Emergency Directive called on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.

A company that provides voting systems in 28 states uses an Internet technology firm that was hacked.Dominion Voting Systems uses SolarWinds software, according to a Dominion web page.SolarWinds does not list Dominion on its partial customer listing but says its products and services are used by more than 300,000 customers around the world, including all five branches of the U.S. military and more than 425 of the U.S. Fortune 500.The situation with SolarWinds software enabled hackers to gain access to the U.S. Commerce Department and, reportedly, the Treasury Department.SolarWinds Orion products are currently being exploited by malicious actors, the Department...

Archive of the above.Earlier Free Republic item on the compromise:CISA ISSUES EMERGENCY DIRECTIVE TO MITIGATE THE COMPROMISE OF SOLARWINDS ORION NETWORK MANAGEMENT PRODUCTS

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately. “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the...