SolarWinds Sunburst attack

3 Likes

SolarWinds Officials Blame Intern for ‘solarwinds123’ Password

If it was, then that’s worse… so much worse…

Interns never touch critical s**t. Interns get coffee (but I never make them pay for it, of course), proof read documentation, and if they’re really good, maybe write some unit tests.

If it’s a University of Waterloo co-op student, they might get to write a proof-of-concept from a research paper for me… :slightly_smiling_face:

…as long as the coffee’s kept hot…

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

It was Russia wot did it: SolarWinds hack was done by Kremlin’s APT29 crew, say UK and US

Who knew Uncle Sam had strike teams for SolarWinds, Exchange flaws? Well, anyway, they are disbanded

US markets watchdog the Securities and Exchanges Commission (SEC) has begun a probe into last year’s SolarWinds cyberattack, in a bid to find out who else might have been compromised.
[…]

3 Likes

SolarWinds backdoor gang pwned Microsoft support agent to turn sights on customers

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break

SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business.

Insisting that it was “the victim of the most sophisticated cyberattack in history” in a court filing, SolarWinds described a lawsuit from some of its smaller shareholders as an attempt to “convert this sophisticated cyber-crime” into an unrelated securities fraud court case.

[…]

1 Like

Insisting that it was “the victim of the most sophisticated cyberattack in history”

They left a server unprotected and someone who actually knew a bit of coding, not just a script kiddie, walked in. They weren’t that good or they wouldn’t have gotten caught.

2 Likes
3 Likes

Popcorn

3 Likes

Russia’s SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation.

[…]

 

1 Like

Just a coincidence.

3 Likes

SolarWinds attacker on the move: Russia’s Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft

Phishing and password spraying on the up

https://www.theregister.com/2021/10/25/nobelium_russia_svr_msp_warning_microsoft/

Russia’s Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft’s security arm has warned.

[…]

2 Likes
1 Like

the number that were hacked by Russia’s Cozy Bear was about 100.

I think that’s a wild under-estimate. I know two, relatively small, organizations were affected where my immediate family work. Neither would show up on El Reg’s radar. Both cases facilitated probable identity theft that likely affects thousands of young people.

2 Likes