You're again badly misinformed. Didn't even occur
Post# of 128013
(Total Views: 126)
Posted On: 12/21/2020 12:21:02 PM
You're again badly misinformed. Didn't even occur to you that it was a 'backdoor' operation, a primary hack of a source that has many customers.
And why should anyone here accept yet another post pulled out of your ass, lacking as it does any corroboration, any link?
Anyway, another sterling entry on Trump's resume.
Just how bad is that hack that hit US government agencies?
Spoiler: It's a nightmare scenario
Zack Whittaker@zackwhittaker / 12:11 PM CST•December 17, 2020
Washington, D.C. scenic
https://techcrunch.com/2020/12/17/fireeye-bre...rMode=ie11
Since at least March, hackers likely working for Russian intelligence have embedded themselves without detection inside the unclassified networks of several U.S. government agencies and hundreds of companies. Sen. Richard Blumenthal appeared to confirm in a tweet that Russia was to blame, citing a classified congressional briefing.
It began Tuesday with news of a breach at cybersecurity giant FireEye, which confirmed it was hacked by a “sophisticated threat actor” using a “novel combination of techniques not witnessed by us or our partners in the past.”
The hackers, FireEye said, were primarily interested in information on its government customers , but that they also stole its offensive hacking tools that it uses to stress test its customers’ systems against cyberattacks.
Since the hackers had several months of undetected access to several federal agencies, it’s going to be virtually impossible to know exactly what sensitive government information has been stolen.
The FireEye breach was nothing short of audacious; FireEye has a reputation for being the first company that corporate cyberattack victims will call. But then the news broke that the U.S. Treasury, State, Commerce, the National Institute of Health and Homeland Security — the agency tasked with protecting the government from cyberattacks — had all been infiltrated.
Each of the victims has one thing in common: All are customers of U.S. software firm SolarWinds, whose network management tools are used across the U.S. government and Fortune 500 companies.
FireEye’s blog explaining the breach — which didn’t say how it discovered its own intrusion — said the hackers had broken into SolarWinds’ network and planted a backdoor in its Orion software, which helps companies monitor their networks and fleets of devices, and pushed it directly to customer networks with a tainted software update.
SolarWinds said up to 18,000 customers had downloaded the compromised Orion software update, giving the hackers unfettered access to their networks, but that it was unlikely all or even most had been actively infiltrated.
Jake Williams, a former NSA hacker and founder of Rendition Infosec, said hackers would have gone for the targets that got their “biggest bang for their buck,” referring to FireEye and government targets.
“I have no doubt in my mind that had the Russians not targeted FireEye we would not know about this,” Williams said, praising the security giant’s response to the attacks. “We’re going to find more government agencies that were breached. They’re not detecting it independently. This only got discovered because FireEye got hit,” he said.
The motives of the hackers aren’t known, nor do we know yet if any other major private companies or government departments had been hacked. Microsoft on Wednesday seized an important domain used by the attackers, which may give the company some visibility into other victims that have been actively infiltrated.
Russia, for its part, has denied any involvement.
Trump for his part has given us another 'I don't know why they would' response.
.
And why should anyone here accept yet another post pulled out of your ass, lacking as it does any corroboration, any link?
Anyway, another sterling entry on Trump's resume.
Just how bad is that hack that hit US government agencies?
Spoiler: It's a nightmare scenario
Zack Whittaker@zackwhittaker / 12:11 PM CST•December 17, 2020
Washington, D.C. scenic
https://techcrunch.com/2020/12/17/fireeye-bre...rMode=ie11
Since at least March, hackers likely working for Russian intelligence have embedded themselves without detection inside the unclassified networks of several U.S. government agencies and hundreds of companies. Sen. Richard Blumenthal appeared to confirm in a tweet that Russia was to blame, citing a classified congressional briefing.
It began Tuesday with news of a breach at cybersecurity giant FireEye, which confirmed it was hacked by a “sophisticated threat actor” using a “novel combination of techniques not witnessed by us or our partners in the past.”
The hackers, FireEye said, were primarily interested in information on its government customers , but that they also stole its offensive hacking tools that it uses to stress test its customers’ systems against cyberattacks.
Since the hackers had several months of undetected access to several federal agencies, it’s going to be virtually impossible to know exactly what sensitive government information has been stolen.
The FireEye breach was nothing short of audacious; FireEye has a reputation for being the first company that corporate cyberattack victims will call. But then the news broke that the U.S. Treasury, State, Commerce, the National Institute of Health and Homeland Security — the agency tasked with protecting the government from cyberattacks — had all been infiltrated.
Each of the victims has one thing in common: All are customers of U.S. software firm SolarWinds, whose network management tools are used across the U.S. government and Fortune 500 companies.
FireEye’s blog explaining the breach — which didn’t say how it discovered its own intrusion — said the hackers had broken into SolarWinds’ network and planted a backdoor in its Orion software, which helps companies monitor their networks and fleets of devices, and pushed it directly to customer networks with a tainted software update.
SolarWinds said up to 18,000 customers had downloaded the compromised Orion software update, giving the hackers unfettered access to their networks, but that it was unlikely all or even most had been actively infiltrated.
Jake Williams, a former NSA hacker and founder of Rendition Infosec, said hackers would have gone for the targets that got their “biggest bang for their buck,” referring to FireEye and government targets.
“I have no doubt in my mind that had the Russians not targeted FireEye we would not know about this,” Williams said, praising the security giant’s response to the attacks. “We’re going to find more government agencies that were breached. They’re not detecting it independently. This only got discovered because FireEye got hit,” he said.
The motives of the hackers aren’t known, nor do we know yet if any other major private companies or government departments had been hacked. Microsoft on Wednesday seized an important domain used by the attackers, which may give the company some visibility into other victims that have been actively infiltrated.
Russia, for its part, has denied any involvement.
Trump for his part has given us another 'I don't know why they would' response.
.
(3)
(0)