Hacking & Cracking

Volkonski
Posts: 34001
Joined: Sat Mar 02, 2013 4:44 pm
Location: Texoma and North Fork of Long Island
Occupation: Retired Mechanical Engineer

Hacking & Cracking

#276

Post by Volkonski »

Eric Geller
@ericgeller
New joint statement from FBI, CISA, ODNI, and NSA:

SolarWinds hack was the work of an advanced hacker group "likely Russian in origin" & is believed to be "an intelligence gathering effort."

"Fewer than 10" USG agencies compromised after SW infection, based on current info.



“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace
neeneko
Posts: 2222
Joined: Fri Jun 02, 2017 9:08 am

Hacking & Cracking

#277

Post by neeneko »

Parler was hacked:
so a group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user. This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account
https://www.reddit.com/r/ParlerWatch/co ... ntext=1000

Apparently they have access to both user registration data and, rather importantly, deleted content, such as all the posts people erased after the riot.
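The failure mode the quoted comment describes, an account becoming usable without its verification step completing, is illustrated below with an added Python example that is not from the post and makes no claim about how Parler's or Twilio's systems were actually built. The provider class, its API shape and the sample codes are constructed; the point is the contrast between a flow that fails open when the verifier is unreachable and one that fails closed.

```python
# Added example (not from the forum post): models the failure mode the quoted
# comment describes. Provider name, API shape and sample codes are constructed.
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    PENDING = "pending"    # created, not yet allowed to log in
    ACTIVE = "active"      # verification confirmed by the provider
    REJECTED = "rejected"  # provider said the code was wrong

class VerifierUnavailable(Exception):
    """The third-party verification service cannot be reached."""

@dataclass
class Account:
    email: str
    status: Status = Status.PENDING

class FakeVerifier:
    """Stand-in for an external email/SMS verification provider (constructed)."""
    def __init__(self, up: bool, valid_codes: set):
        self.up, self.valid_codes = up, valid_codes

    def check(self, code: str) -> bool:
        if not self.up:
            raise VerifierUnavailable("provider unreachable")
        return code in self.valid_codes

def register_permissive(verifier, email, code) -> Account:
    """Weak pattern: an outage of the verifier is treated like a pass."""
    acct = Account(email)
    try:
        ok = verifier.check(code)
    except VerifierUnavailable:
        ok = True  # BUG: fail-open; anyone registers while the provider is down
    acct.status = Status.ACTIVE if ok else Status.REJECTED
    return acct

def register_fail_closed(verifier, email, code) -> Account:
    """Hardened: the account stays PENDING until the provider confirms the code."""
    acct = Account(email)
    try:
        acct.status = Status.ACTIVE if verifier.check(code) else Status.REJECTED
    except VerifierUnavailable:
        pass  # stay PENDING; login is gated on ACTIVE, so nothing is granted
    return acct

def can_log_in(acct: Account) -> bool:
    return acct.status is Status.ACTIVE
```

The same gating matters wherever the check result is stored: a client-supplied "verified" flag or a missing record must never be read as success.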


Volkonski
Posts: 34001
Joined: Sat Mar 02, 2013 4:44 pm
Location: Texoma and North Fork of Long Island
Occupation: Retired Mechanical Engineer

Hacking & Cracking

#278

Post by Volkonski »

FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources

https://www.reuters.com/article/us-glob ... SKBN29G2IG
Moscow has denied involvement in the hack, which U.S. intelligence agencies publicly attributed here to Russian state actors.

The postcard carries FireEye’s logo, is addressed to CEO Kevin Mandia, and calls into question the ability of the Milpitas, California-based firm to accurately attribute cyber operations to the Russian government.

People familiar with Mandia’s postcard summarized its content to Reuters. It shows a cartoon with the text: “Hey look Russians” and “Putin did it!”

The opaque message itself did not help FireEye find the breach, but rather arrived in the early stages of its investigation. This has led people familiar with the matter to believe the sender was attempting to “troll” or push the company off the trail by intimidating a senior executive.


“If everyone fought for their own convictions there would be no war.”
― Leo Tolstoy, War and Peace
RTH10260
Posts: 29965
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Hacking & Cracking

#279

Post by RTH10260 »

EasyDNS Newsletter wrote: The SolarWinds shit-show keeps on shitting

The Solarwinds hack may be even worse than originally thought, as possibly as many as 250 government agencies may have been compromised. The original intrusion led to numerous compromises against numerous other organizations ranging from aforementioned US government departments, to security firm FireEye, to Microsoft.

In late December, investigators combing through the wreckage seem to have found another back door installed by a second threat actor.

This time it’s a webshell that infects a legitimate .NET component within Solarwinds’ Orion network monitoring application that has been modified to evade malware detection systems. It’s been dubbed SUPERNOVA and it enables remote attackers to execute arbitrary commands on the servers running the infected version of the software.

The trojan appears to have been present since possibly as far back as March 24, 2020, the time stamp of the compilation of the component.

SolarWinds hack may be much worse than originally feared
Some 250 government agencies and businesses may have been affected

By Kim Lyons
Jan 2, 2021, 4:50pm EST

The Russia-linked SolarWinds hack which targeted US government agencies and private corporations may be even worse than officials first realized, with some 250 federal agencies and businesses now believed affected, the New York Times reported.

Microsoft has said the hackers compromised SolarWinds’ Orion monitoring and management software, allowing them to “impersonate any of the organization’s existing users and accounts, including highly privileged accounts.” The Times reports that Russia exploited layers of the supply chain to access the agencies’ systems.

The Times reports that early warning sensors that Cyber Command and the NSA placed inside foreign networks to detect potential attacks appear to have failed in this instance. In addition, it seems likely that the US government’s attention on protecting the November elections from foreign hackers may have taken resources and focus away from the software supply chain, according to the Times. And conducting the attack from within the US apparently allowed the hackers to evade detection by the Department of Homeland Security.

Microsoft said earlier this week it had discovered its systems were infiltrated “beyond just the presence of malicious SolarWinds code.” The hackers were able to “view source code in a number of source code repositories,” but the hacked account granting the access didn’t have permission to modify any code or systems. However, in a small bit of good news, Microsoft said it found “no evidence of access to production services or customer data,” and “no indications that our systems were used to attack others.”


https://www.theverge.com/2021/1/2/22210 ... ersecurity


RTH10260
Posts: 29965
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Hacking & Cracking

#280

Post by RTH10260 »

From earlier:
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
By Ionut Ilascu
December 21, 2020 09:17 AM

While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.

Named SUPERNOVA, the malware is a webshell planted in the code of the Orion network and applications monitoring platform and enabled adversaries to run arbitrary code on machines running the trojanized version of the software.



https://www.bleepingcomputer.com/news/s ... -analysis/


RTH10260
Posts: 29965
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Hacking & Cracking

#281

Post by RTH10260 »

Sealed U.S. Court Records Exposed in SolarWinds Breach
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.

07 Jan 21

The judicial branch agency said it will be deploying more stringent controls for receiving and storing sensitive documents filed with the federal courts, following a discovery that its own systems were compromised as part of the SolarWinds supply chain attack. That intrusion involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for some 18,000 users of its Orion network management software as far back as March 2020.

“The AO is working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files system (CM/ECF) that greatly risk compromising highly sensitive non-public documents stored on CM/ECF, particularly sealed filings,” the agency said in a statement published Jan. 6.

“An apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation,” the statement continues. “Due to the nature of the attacks, the review of this matter and its impact is ongoing.”

The AO declined to comment on specific questions about their breach disclosure. But a source close to the investigation told KrebsOnSecurity that the federal court document system was “hit hard” by the SolarWinds attackers, which multiple U.S. intelligence and law enforcement agencies have attributed as “likely Russian in origin.”

The source said the intruders behind the SolarWinds compromise seeded the AO’s network with a second stage “Teardrop” malware that went beyond the “Sunburst” malicious software update that was opportunistically pushed out to all 18,000 customers using the compromised Orion software. This suggests the attackers were targeting the agency for deeper access to its networks and communications.



https://krebsonsecurity.com/2021/01/sea ... ds-breach/


gupwalla
Posts: 3168
Joined: Sun Jul 07, 2013 12:57 pm
Location: The mind of Cassandra

Hacking & Cracking

#282

Post by gupwalla »

The whole SolarWinds storyline feels similar to the “NSA tools hack” from August 2016, that played out until May 2017 when those tools were used to produce the WannaCry ransomware attack.

So I am going to boldly predict that things are going to get really sporty on the cyber front in the next days, weeks, or months.

I’d advise a strong backup and IT continuity program for any SolarWinds customers.


In a wilderness of mirrors, what will the spider do beyond the circuit of the shuddering Bear in fractured atoms? -TS Eliot (somewhat modified)

All warfare is based on deception. - Sun Tzu