An analysis of publicly available web records shows SolarWinds hackers accessed the networks at Cox Communications and the local government in Pima County, AZ
LONDON (Reuters) - Suspected Russian hackers accessed the systems of a U.S. internet provider and a county government in Arizona …
Reuters
Related Coverage
- Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers Microsoft Security · Eric Avena
- Sunburst: connecting the dots in the DNS requests Securelist · Igor Kuznetsov
- VMware Flaw a Vector in SolarWinds Breach? Krebs on Security · Brian Krebs
- The SolarWinds Orion SUNBURST supply-chain Attack TRUESEC · Fabio Viggiani
- ‘The week has literally exploded’: Tech security startups grapple with SolarWinds fallout GeekWire · Todd Bishop
- How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game CyberScoop · Shannon Vavra
- Sophisticated cyberattack on U.S. government much worse than first feared MacDailyNews
- Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident DomainTools
- Sunburst's C2 Secrets Reveal Second-Stage SolarWinds Victims Threatpost · Tara Seals
- SolarWinds Likely Hacked at Least One Year Before Breach Discovery SecurityWeek · Eduard Kovacs
- Pompeo Says Russia Was Behind Cyberattack on U.S. New York Times · Steve Kenny
- US cyber-attack: Russia ‘clearly’ behind SolarWinds operation, says Pompeo BBC
- Pompeo: Russia ‘pretty clearly’ behind massive cyberattack The Hill · Jesse Byrnes
- Secretary of State Pompeo says hack was ‘pretty clearly’ Russian NBC News · Alicia Victoria Lozano
- SolarWinds hack exposes underbelly of supply-chain attacks CyberScoop · Shannon Vavra
- Cisco Hacked Through SolarWinds As Tech Casualties Mount CRN · Michael Novinson
- Security experts are ‘freaking out’ about how foreign hackers carried out the ‘most pristine espionage effort’ in modern history right under the US's nose Business Insider · Sonam Sheth
- Palo Alto Networks CEO: All companies must ensure they weren't hit in suspected Russian cyberattack CNBC · Kevin Stankiewicz
- How to Understand the Russia Hack Fallout Wired · Lily Hay Newman
- UK cyber chief says government ‘not hacked’ in SolarWinds operation Financial Times
- As Microsoft confirms breach, President Brad Smith argues for federal policy changes SC Media · Joe Uchill
- Hack Suggests New Scope, Sophistication for Cyberattacks Wall Street Journal
- How U.S. agencies' trust in untested software opened the door to hackers Politico · Eric Geller
- Security News This Week: Russia's SolarWinds Hack Is the Big One Wired · Brian Barrett
- Microsoft says it identified 40+ victims of the SolarWinds hack ZDNet · Catalin Cimpanu
- The SolarWinds Hack Is Unlike Anything We Have Ever Seen Before Slate · Josephine Wolff
- CISA Alert: Sophisticated, Ongoing Cyberattacks Go Beyond SolarWinds Security Boulevard · Andrea Carcano
- Microsoft says it identified 40+ victims of the SolarWinds hack, and more bad news... DataBreaches.net
- Russia's Hacking Frenzy Is a Reckoning Wired · Lily Hay Newman
- Microsoft seeks Biden's support in case against Israeli spyware firm The Guardian · Stephanie Kirchgaessner
- Suspected Russian hack is much worse than first feared: Here's what you need to know CNBC · Sam Shead
- Microsoft president calls SolarWinds hack an “act of recklessness” Ars Technica · Dan Goodin
- Pompeo Blames Russia for Massive US Cyberattack SecurityWeek
- Energy Dept., nuclear weapons agency breached in ‘remarkable’ cyberattack UPI · Darryl Coote
- Spotify to be launched in South Korea by 2021 Micky · RD Revez
- ‘Very, very large’ telecom organization and Fortune 500 company breached in SolarWinds hack SC Media · Jill Aitoro
- Biden promises tough response to cyber attacks IT PRO · Danny Bradbury
- Russia is being blamed for a massive malware attack on the U.S. KnowTechie · Ste Knight
- Solarwinds, the World's Biggest Security Failure and Open Source's Better Answer The New Stack · Steven J. Vaughan-Nichols
- Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates Dark Reading · Jai Vijayan
- The great hack attack: SolarWinds breach exposes big gaps in cyber security Financial Times
- Growing Calls for US to Retaliate for Massive Cyber Hack Voice of America · Jeff Seldin
- SolarWinds hack: What we know, and don't know, so far GeekWire · Bob Sullivan
- NSA on Authentication Hacks (Related to SolarWinds Breach) Schneier on Security · Bruce Schneier
- SolarWinds Hack Compromised 40-plus Microsoft Customers CRN · Michael Novinson
- Microsoft Breached In SolarWinds Hack As Politicians Ponder If Cyber Attack Is Act Of War HotHardware.com News · Nathan Ord
- NSA warns of federated login abuse for local-to-cloud attacks ZDNet · Catalin Cimpanu
- Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies Threatpost · Tara Seals
- SolarWinds Hackers Broke Into the Federal Agency That Oversees the Nation's Nukes Gizmodo · Tom McKay
- Microsoft pushes for coordinated response to SolarWinds cyber attack as 40 of its customers fall victim OnMSFT.com · Kareem Anderson
- Microsoft identifies 40+ victims of SolarWinds hack, 80% from US BleepingComputer · Sergiu Gatlan
- SolarWinds attack is not ‘espionage as usual,’ Microsoft president says CyberScoop · Joe Warminsky
- More Than 40 Organizations Hit by Supposed Russian Cyber Hacking Campaign TGDaily · Tgd Buzz
- What we know - and still don't - about the worst-ever US government cyber attack The Guardian
- Here's a list of the US agencies and companies that were reportedly hacked in the suspected Russian cyberattack Business Insider · Kelsey Vlamis
- Cyberhack looks like act of war Axios · Mike Allen
- Widespread U.S. government cyberattack expands in scope Input · Tom Maxwell
- GAO slams federal agencies for IT supply chain risk IT PRO · Danny Bradbury
- What We Know So Far About the SolarWinds Hacking Scandal Gizmodo · Dell Cameron
- Massive Hack Roundup: Microsoft Says Breach ‘Not Espionage as Usual’ Nextgov
- SolarWinds-related cyberattacks pose grave risk to government and private sector, says CISA TechRepublic · Lance Whitney
- Russian hack against the U.S. government ‘will take years to overcome,’ former national intelligence official says CNBC · Emily DeCiccio
- Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware! The Security Ledger · Paul Roberts
- Russian hackers targeted 40 agencies including US Nuclear Agency HackRead · Deeba Ahmed
- Russia accused in massive hack of US through SolarWinds: What you need to know CNET · Laura Hautala
- SolarWinds Scandal Calls Attention to Supply Chain Security Government Technology News · Lucas Ropek
- 5 Key Takeaways From the SolarWinds Breach Dark Reading · Jai Vijayan
Discussion
- @file411: Good LORD: “whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor...” https://www.microsoft.com/... https://tw…
- Kevin Beaumont (@gossithedog): In-depth technical look at SolarWinds nation state activity from MS peeps, including more hunting details etc. Really proud of the teams here, everything's been thrown at protecting everyone. https://www.microsoft.com/...
- @file411: I have to say this breach is probably one of the most flawless reverse engineering Ops I've ever read. “The envelopes” passed through numerous built-in security checks. This takes meticulous planning, discipline & serious coding chops. It's impressive https://www.microsoft.com/... …
- @file411: If I'm reading this correctly, because the envelope passed the built-in security protocols the C2 Server was like: secret handshake valid, come on in. Also take note of the domains too (see next tweet) https://www.microsoft.com/... https://twitter.com/...
- @file411: Hey remember when someone was like: Oh GOD they can accurately & quickly map out a target network. Thus they know where to hide because they can see you coming. HERE. WE. ARE. Big props to @Microsoft for their transparency because this helps understand https://www.microsoft.com/..…
- @msftsecintel: Here's our analysis of the compromised DLL that led to the Solorigate attack. While the extent of the compromise is being investigated, we want to continue providing the defender community with intel, remediation guidance, and protections we have built: https://www.microsoft.com/…
- @kaspersky: While the #SolarWinds Orion IT packages reached about 18,000 customers, only a handful of these were interesting to the attackers, referred to as UNC2452 or DarkHalo. @craiu and @2igosha share new findings on @Securelist. https://kas.pr/k75e https://twitter.com/...
- Eugene Kaspersky (@e_kaspersky): #Sunburst: connecting the dots in the DNS requests ⇒ https://kas.pr/j5yo TL;DR Three of the requests from FireEye's GitHub repository can be mapped to two domain names that belong to a government organization and a telecommunications company in the US. https://twitter.com/...
- @lululemew: LONDON (Reuters) - Suspected Russian hackers accessed the systems of internet provider Cox Communications & the local government in Pima County, AZ as part of a sprawling cyber-espionage campaign https://www.reuters.com/...
- John Bambenek (@bambenek): Some more updates on the Sunburst/SolarWinds breach. We have found what looks like at least two targets of interest based on my research and research by @kaspersky https://www.reuters.com/...
- Alan Woodward (@profwoodward): This kind of passive DNS work and analysis of the malware now released is what will lead to identifying where the Sunburst attacks came from - it's a slow process https://securelist.com/...
- Subrahmanyam Kvj (@sub8u): Ouch... This doesn't bode well at all... First Microsoft, and now Cisco as well impacted by the SolarWinds hack! The age of tech recklessness, where individuals/companies/countries focus on their selfish needs, is well upon us! https://www.theverge.com/... https://www.bloomberg.com/..…
- @business: Cisco was compromised as part of a suspected Russian campaign that has roiled the U.S. government and private sector https://www.bloomberg.com/...
- Kim Zetter (@kimzetter): New: SolarWinds hackers did a test run of the spy operation in Oct 2019, when malicious SolarWinds files were first downloaded by customers. That version didn't have the backdoor in it, however. Indicates hackers were in SolarWinds' network in 2019, if not earlier. https://news.yahoo.com/..…
- Dan Goodin (@dangoodin001): Reason No. 5 gazillion why the SolarWinds hack is so impressive. The hackers had full control of SolarWinds' software build system since October 2019. We know this because the hackers performed a dry run exercise that month. Great reporting by @KimZetter https://news.yahoo.com/..…
- @diakopter: @thespybrief “The DOJ, FBI and DOD..., have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures. They are assuming that the non-classified networks have been accessed” https://www.reuter…
- Scott Stedman (@scottmstedman): “Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said https://www.reuters.com/...
- Nicole Perlroth (@nicoleperlroth): Hearing Microsoft has no proof of this. https://twitter.com/...
- @rainnwilson: In case you didn't know, dozens of governmental orgs were hacked by Russia. This is not fake news. https://www.cnbc.com/...
- @theintercept: It is now clear that a group of highly sophisticated state-sponsored hackers, likely Berserk Bear, breached Austin's network, using it as infrastructure to stage additional cyberattacks. https://theintercept.com/...
- Dustin Volz (@dnvolz): You might call this... rumor control https://twitter.com/...
- @briankrebs: VMware vulnerability a vector in the SolarWinds incident? The company says it has received no notification/indication this is the case, but the timing, MO of the flaw (forging single sign-on tokens) and recent NSA/CISA advisories seem to suggest otherwise. https://krebsonsecurity…
- Jeff Asher (@crimealytics): Important point raised about the strength of the public SVR attribution in this great piece from @dnvolz and @bobmcmillan. The SVR doesn't make much sense IMHO. https://www.wsj.com/... https://twitter.com/...
- Dustin Volz (@dnvolz): The suspected Russian hackers were victims of their own success and hubris. After breaching scores of targets undetected for many months, they went after a harder one: a huge cyber firm with vast investigative resources. That led to the hack's unraveling. https://www.wsj.com/...
- Dustin Volz (@dnvolz): FireEye CEO Kevin Mandia said the hack of his firm through SolarWinds was like “a sniper round through a bulletproof vest.” Once SolarWinds was suspected, FireEye analysts scoured 50,000 lines of code in search of a “needle in a stack of needles.” https://www.wsj.com/...
- Phillip Carter (@carter_pe): “The attack blended extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack, with a strategy that zeroed in on a weak link in the software supply chain that all U.S. businesses and government institutions rely on...” https://twitter.com/...
- Nicole Perlroth (@nicoleperlroth): Microsoft president Brad Smith says the Reuters report is false. “We have no indication of this.” Microsoft stands by Sunday statement: “We also want to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations.”…
- Kim Zetter (@kimzetter): Second supply chain hack in SolarWinds campaign announced. Microsoft was also breached in the SolarWinds hack operation. Once in Microsoft's network, the company's own “products were then used to further the attacks on others”. Story from @josephmenn https://www.reuters.com/...
- Alex Ward (Vox): How the US government hack happened, and what it means, explained by an expert
- Costin Raiu (@craiu): We are releasing some new findings in the #Solarwinds #Sunburst #darkhalo #unc2452 story. Our analysis plus an open-source tool that decodes and matches the UIDs from the CNAME records against publicly available pDNS data: https://securelist.com/...
- @briankrebs: In an SEC filing, SolarWinds says “the vulnerability was not evident in the Orion Platform products' source code but appears to have been inserted during the Orion software build process.” https://d18rn0p25nwr6d.cloudfront.net/ ...
- Dan Goodin (@dangoodin001): Of the 18,000 customers who downloaded a backdoored Orion update, only a few dozen, or about 0.2%, of them received a follow-on attack, according to Microsoft telemetry. This super elite group was 44% tech cos, 18% gov agencies and 18% think tanks/NGOs. https://arstechnica.com/..…
- @arstechnica: The #SolarWinds hack is shaping up as one of the worst espionage hacks of the past decade if not of all time. https://arstechnica.com/...
- Stephanie Kirchgaessner (@skirchy): For a long time, the proliferation of spyware by private companies, including NSO Group, seemed to be a problem mostly for journalists and human rights activists. Then WhatsApp got involved. Now, big guns: Microsoft joins the fray. https://www.theguardian.com/ ...
- Kevin Collier (@kevincollier): This is a slightly weird framing for how the US is thinking of attribution for the SolarWinds campaign, but I can assure you that plenty of legislators who get briefed on cyber matters miss some of the nuance of how to talk about it, esp when unclassified. https://twitter.com/...
- Charlie Stross (@cstross): These are so totally NOT “Smiley's People”, these cyberspooks who hit their targets like a gang of ram-raiders robbing an Apple store instead of infiltrating quietly over decades and sneaking out the goods on microfilm hidden in hollow shoe-heels. https://twitter.com/...
- Rhiannon Fionn-Bowman (@rhifionn): Excerpt: ... effect of Thursday's revelations was confirmation that no single person or agency — including the highest reaches of the U.S. government — is certain of exactly what the hackers had infiltrated, let alone the full extent of what was taken. https://www.bloomberg.com/.…
- William Turton (@williamturton): New: Members of a consortium of major financial firms that share cybersecurity information with each other and the government expressed concern that the US govt could be so deeply penetrated that its confidential data could be seen by Russian hackers: https://www.bloomberg.com/..…
- Catalin Cimpanu (@campuscodi): Kaspersky says it “identified approximately ~100 customers who downloaded the trojanized package containing the Sunburst backdoor”. The company also said it identified two victims who received 2nd-stage payloads in IOCs posted online by FireEye https://securelist.com/... https://twitt…
- Shashank Joshi (@shashj): “One of the more chilling developments this year has been what appears to be new steps to use AI to weaponize large stolen datasets about individuals and spread targeted disinformation ... this too will become a permanent part of the threat landscape.” https://blogs.microsoft.co…
- Shashank Joshi (@shashj): Microsoft: “This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the US and the world” https://blogs.microsoft.com/ ... https://twitter.com/...
- Tariq Krim (@tariqkrim): According to Microsoft, the recent SolarWinds hack has also exposed Europe. It would be good for European institutions to give more details about it. The source is here: https://blogs.microsoft.com/ ... https://twitter.com/...
- Eric Geller (@ericgeller): Microsoft has identified 40 customers hacked by the suspected Russian operatives after the initial SolarWinds compromise, @BradSmi says. 80% in US, + Canada, Mexico, Belgium, Spain, UK, Israel, & UAE. 44% of victims were in IT, 18% think tank, 18% gov. https://blogs.microsoft.com…
- Brad Smith (@bradsmi): The latest nation state attack is not espionage as usual, even in the digital age. Instead, it's an act of recklessness that has created a serious and eye-opening vulnerability for the US and the world. Governments and industry must do more. https://blogs.microsoft.com/ ...
- Abdullah Saad (@kursed): Most spine-chilling read of the day. This is really scary stuff. https://blogs.microsoft.com/ ...
- Andrew S. Weiss (@andrewsweiss): Once again, Microsoft's @BradSmi is taking the lead in saying thoughtful things that rightfully should be coming from a US President and other world leaders https://twitter.com/...
- Natasha Bertrand (@natashabertrand): SCOOP/BREAKING NEWS: The Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, have evidence that hackers accessed their networks, officials directly familiar with the matter said. https://www.politico.com/...
- @axios: A Trump administration official tells Axios that the cyberattack on the U.S. government and corporate America, apparently by Russia, is looking worse by the day — and secrets may still be being stolen in ways not yet discovered. https://www.axios.com/...
- Walter Shaub (@waltshaub): The new president is already doing what the outgoing president has consistently failed to do: hold Russia accountable. No wonder the Russians love Trump. His weakness has been an open invitation to harm America. That ends January 20. https://twitter.com/...
- Jeremy M. Goldberg (@jeremymgoldberg): This is important: “My administration will make Cybersecurity a priority at every level of government.” The Education sector, in particular public / K-12 schools & systems, has been a target for years. And, yes, hybrid and remote models in 2020 introduced even more risk. https:/…
- Rep. Paul Mitchell (@reppaulmitchell): It is time for POTUS and the Administration to address this forcefully. Put Putin on notice and take steps to punish him and those involved. Engage our govt resources to address this both in agencies and private companies. Critical infrastructure at risk! https://twitter.com/...
- Max Abrahms (@maxabrahms): Terrifying how the Biden administration will respond to Russia. The media will eat it up. https://twitter.com/...
- David Weissman (@davidmweissman): Hackers have access to the National Security Administration but let's be more outraged that Jill Biden rightfully puts the title Dr. next to her name because she's an educated woman. https://twitter.com/...
- Seth Abramson (@sethabramson): Remember me saying here a week ago that I was gravely concerned that we would discover that the Department of Energy had also been hacked, and that the Russians' focus would be on nuclear energy issues? Well, here we go. And Donald Trump is doing *nothing about it whatsoever*. ht…
- Dr Alina Polyakova (@apolyakova): Russia launched “the biggest cybersecurity breach of federal networks in more than two decades” - this is what happens when we have no cyber deterrence strategy https://www.nytimes.com/...