Discover and read the best of Twitter Threads about #Solorigate
Most recents (4)
#niet_in_journaal #nieuwsuur #1V #Op1 #bbvpro #NPORadio1 @envirosec @LeeSpacey #Russia #cyberwarfare #SolarWinds #retaliation aljazeera.com/news/2021/3/9/…
#niet_in_journaal #nieuwsuur #1V #OP1 #bbvpro #NPORadio1 @envirosec @LeeSpacey #US #cyberwarfare #cybersecurity #NSC #Jen_Easterley #Rob_Silvers #Anne_Neuberger #Philip_Reiner #Michael_Sulmeyer #Elizabeth_Sherwood_Randall #Russ_Travers #Caitlin_Durkovich aljazeera.com/news/2021/1/22…
Ik vermoed dat we #Anne_Neuberger de komende weken wat meer in de gaten moeten gaan houden. #niet_in_journaal #nieuwsuur #1V #OP1 #bbvpro #NPOradio1 @envirosec @LeeSpacey #US #cyberwarfare #SolarWinds nytimes.com/2021/01/13/us/…
As part of our commitment to keeping our customers/community protected & informed, we are releasing a blog that shines light on transition between Stage 1 and 2 of #Solorigate/#SUNBURST campaign, custom Cobalt Strike loaders, post-exploit. artifacts, IOCs: microsoft.com/security/blog/… 
Here are some highlights:
The missing link between the Solorigate backdoor and the custom #CobaltStrike loaders observed during the #Solorigate is an Image File Execution Options (IFEO) Debugger registry value created for the legitimate process dllhost.exe (ATT&CK ID: T1546.012).
The missing link between the Solorigate backdoor and the custom #CobaltStrike loaders observed during the #Solorigate is an Image File Execution Options (IFEO) Debugger registry value created for the legitimate process dllhost.exe (ATT&CK ID: T1546.012).
Once the registry value is created, the attackers wait for the occasional execution of dllhost.exe, which might happen naturally on a system. This execution triggers a process launch of wscript.exe configured to run the VBScript file dropped by the SolarWinds backdoor (Stage 1).
A threat of thoughts + actionable detection ideas from the latest Microsoft #Solorigate post...microsoft.com/security/blog/… ... this is a sweet diagram and hopefully helps make clear the different ways you could be impacted. Not every victim makes it past initial C2.
I think a lot of this we already knew, but lmk if there are nuggets in here that popped out.
Another super helpful explanation of the DGA C2 domains. I love the MS graphics people.
⚠️URGENT⚠️
Hackers exploit #Solorigate supply-chain backdoor in #SolarWinds enterprise monitoring software to breach US Treasury, Commerce Department, other government agencies, and cybersecurity firm #FireEye.
Details: thehackernews.com/2020/12/us-age…
#infosec #cybersecurity #sysadmin
Hackers exploit #Solorigate supply-chain backdoor in #SolarWinds enterprise monitoring software to breach US Treasury, Commerce Department, other government agencies, and cybersecurity firm #FireEye.
Details: thehackernews.com/2020/12/us-age…
#infosec #cybersecurity #sysadmin
Citing unnamed sources, media said the latest cyberattacks against #FireEye and U.S. government agencies were the work of Russian state-sponsored #APT29 or Cozy Bear #hacking group.
According to FireEye, attackers tampered with a #software update released by #SolarWinds, which eventually led to the compromise of numerous public and private organizations around the world with #SUNBURST backdoor.
thehackernews.com/2020/12/us-age…
#infosecurity
thehackernews.com/2020/12/us-age…
#infosecurity
