Since the day of the Kaseya attack, I have been warning that this looked like another supply chain attack, similar to SolarWinds.
This is why it is ballooning, from 40 customers to over 1000, and it may still grow further, as it targets service providers. theverge.com/2021/7/2/22561…
It was wise for Kaseya to shut down its cloud services, and to tell customers to shut down their VSA servers.
This likely reduced infections significantly, but when some of your customers host customers of their own, this has a ripple effect.
I started this thread as soon as we learned about the attack. It includes links to other threads that have more information.
Independent investigators have attributed the attack to the Russian REvil hacking group.
As an example, the RNC said one of its vendors - Synnex - was compromised by the hack.
We don’t know what Synnex does, but it appears to offer multiple services that could cause ripple effects.
My wild guess, based on their site, is that their solutions don’t use strict security.
There are dozens and dozens of products like Kaseya that companies and governments use to manage their systems & networks.
We have to respond to this aggressively, but we also must find a model (including federal security standards) that can help protect from these attacks.
We also can’t view these trojan payload attacks on IT supply chains in a vacuum.
The data that can be gleaned from them can allow adversaries to “map” networks and infrastructure, enabling more aggressive and damaging attacks in the future.
What did they learn from this one?
If you run a Kaseya VSA server, Kaseya is recommending that you shut it down right now, because the first thing that the attack does is take away your admin access.
Kaseya VSA is a remote monitoring and management product.
The details aren’t clear yet, but this could potentially be another supply chain attack, similar to (but not nearly as large/impactful as) the SolarWinds hack.
Here is a running thread with updates - follow this: