Share this page!

Kim Zetter Profile picture
Twitter logo
22 Apr, 4 tweets, 1 min read
Researchers find 18 additional command servers used in SolarWinds campaign. Also find that two servers previously known, that were used to push 2nd-stage malware, were mysteriously active Feb 27, 2020, a month before SW customers got infected w/ backdoor zetter.substack.com/p/research-unc…
If servers were pushing out 2nd-stage malware to victims in Feb, this raises the possibility that 1) a previously unknown version of SW software was compromised and infected customers a month before SW says customers got infected...
2) the 2nd stage command servers were pushing out 2nd-stage malware to victims who were already infected w/ something other than the SolarWinds software that carried the backdoor or ...
3) the attackers were doing a test run of the delivery of the 2nd-stage malware, as they had done in Oct. 2019 when they had done a test run of delivering the backdoor to customers thru the SolarWinds software

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Kim Zetter

Kim Zetter Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @KimZetter

Kim Zetter Profile picture
21 Apr
Must have been a turnip truck
signal.org/blog/cellebrit…
For background on Cellebrite, I took a deep dive into the company in 2016 in this piece theintercept.com/2016/10/31/fbi…
Signal really went to town with this video showing how they hacked Cellebrite's UFED device. Expect it to be replayed at hacker conferences the planet over; it's got a guaranteed spot in hacker lore signal.org/blog/videos/ce…
Read 4 tweets
Kim Zetter Profile picture
17 Apr
Announcing: Mark Zuckerberg will join our new Sidechannel for a conversation with @CaseyNewton in the launch of our new Discord txt/audio chat forum. It's a measure of how respected Casey's Platormer publication is (platformer.news/publication) that Zuck wanted to join him for this. Image
I've heard Zuckerberg will be making news during discussion. Sidechannel, launched by Casey, I, and six other independent writers, is open to paid subscribers of my Zero Day publication (zetter.substack.com), Casey's Platformer or any of the other publications listed below
Other writers/pubs on SideChannel are:

Platformer @CaseyNewton
platformer.news

Galaxy Brain @cwarzel
warzel.substack.com/p/welcome-to-g…

Newcomer @EricNewcomer
newcomer.co

Hot Pod @nwquah
hotpodnews.com

Culture Study @annehelen
annehelen.substack.com
Read 5 tweets
Kim Zetter Profile picture
16 Apr
Positive Technologies, the Russian security firm sanctioned this wk for allegedly helping Russian spies hack the US, has for yrs belonged to Microsoft's MAPP program, which gives security vendors advance access to info about vulns and proof-of-concept code zetter.substack.com/p/sanctioned-f…
Although the allegations against Positive Technologies cited by the Treasury Dept were vague, a little-seen report published by the Atlantic Council last month appears to provide much more detail about the activities that may have led to the sanctions against the company.
That report doesn't name Positive Technologies at all, instead it uses a code name - ENFER - to refer to a Russian security firm aiding Russian spies. ENFER has allegedly reversed/repurposed malicious code found on Russian gov networks to create exploits for other intrusions.
Read 6 tweets
Kim Zetter Profile picture
15 Apr
Pfizer CEO said during panel today that people will have to get a third "booster" shot of the Covid vaccine 6-12 months after receiving the two initial shots, and then potentially everyone will have to be vaccinated again each year facebook.com/watch/live/?v=…
"There are vaccines that are like polio that one dose is enough... and there are vaccines like flu than you need every year," he said.

"The Covid virus looks more like the influenza virus than the polio virus."
Biden official said something similar this morning. "Dr David Kessler, the Biden administration's chief science officer of COVID response, said that Americans should expect to receive booster shots, especially as variant continue to spread."
Read 5 tweets
Kim Zetter Profile picture
12 Apr
The blackout at Natanz nuclear facility in Iran was caused by explosives, not a cyberattack. "a large explosion that completely destroyed the independent—and heavily protected—internal power system that supplies the underground centrifuges nytimes.com/2021/04/11/wor…
"The officials, who spoke on the condition of anonymity to describe a classified Israeli operation, said that the explosion had dealt a severe blow to Iran’s ability to enrich uranium and that it could take at least nine months to restore Natanz’s production."
Clarification: the story says the blackout was caused by a large explosion. Theoretically such an explosion could be triggered by a cyberattack, depending on how it's done. But this sounds like it was physical sabotage rather than cyber. TBD
Read 5 tweets
Kim Zetter Profile picture
11 Apr
Announcing the creation of Sidechannel, a new Discord channel that seven other writers and I will be launching soon for paid subscribers to our publications. You can join the discussion by subscribing to zetter.substack.com or any publication by one of the writers below.
Other writers/pubs on SideChannel are:

Platformer @CaseyNewton
platformer.news

Galaxy Brain @cwarzel
warzel.substack.com/p/welcome-to-g…

Newcomer @EricNewcomer
newcomer.co

Hot Pod @nwquah
hotpodnews.com

Culture Study @annehelen
annehelen.substack.com
Deez Links @delia_cai
deezlinks.substack.com

Garbage Day @broderick
garbageday.email
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @KimZetter has new unrolls!

Check out other threads from @KimZetter!

Read all threads by @KimZetter