As news breaks about what looks to be a pretty large-scale hack, I have the utmost confidence in the @CISAgov team and other Federal partners. I'm sorry I'm not there with them, but they know how to do this. This thing is still early, I suspect. Let's let the pros work it.
Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.
If you’re a SolarWinds customer & use the below product, assume compromise and immediately activate your incident response team. Odds are you’re not affected, as this may be a resource intensive hack. Focus on your Crown Jewels. You can manage this.
https://twitter.com/razhael/status/1338267165221396480?s=21
https://twitter.com/razhael/status/1338267165221396480
I'd also be paying very close attention to what @CISAgov does next. They have authority to issue directives to Fed agencies to take cybersecurity steps. While those directives only apply to Feds, everyone else should follow suit.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
