#SolarWinds hack update thread.

One word of caution, particularly for reporters publicizing hack victims. Many of the Orion platform customers have downloaded the backdoored update and it would have likely eventually contacted the C2 servers 1/4
Those backdoors and C2 connections are now being discovered by IR teams that are searching logs and systems for indicators published by @FireEye. However, this discovery does not necessarily mean the attackers did anything damaging to that organization 2/4
@FireEye In fact, most appear to have done a DNS lookup to the C2 server and received back a ‘kill switch’ response that indicates the adversaries had no interest in that victim 3/4
@FireEye It is important to clarify with potential victims whether they are simply detecting those remnants of possibly inert backdoor or if they have actually seen exfil of data 4/4

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Dmitri Alperovitch

Dmitri Alperovitch Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @DAlperovitch

8 Dec
With the Fireeye breach news coming out, it's important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9 1/
Security companies are a prime target for nation-state operators for many reasons, but not least of all is ability to gain valuable insights about how to bypass security controls within their ultimate targets 2/
The biggest news here for me is the admirable standard that Kevin Mandia and @Fireeye team is setting in rapid and transparent disclosure of the intrusion, as well as release of red team tools stolen by the adversary 3/
Read 5 tweets
16 Jan
Prediction for 2024 in Russia based on yesterday’s news:

Medvedev comes back into a now much weakened position of President

Putin steps back to a now very powerful position of Chairman of Security Council, a General Secretary of the Politburo of sorts 1/
Medvedev is the only successor that Putin truly trusts given their very long history together going back to St Petersburg in early 90s. Plus the presidency will be much weaker and will be of limited threat to Putin himself 2/
Putin’s very powerful new role as Chairman of Security Council will give him full control of the security forces (the only thing that matters for hanging on to true power, while allowing to step back from the boring and mundane job of running the country 3/
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!