Ok? Explain solar winds
IT server management. Basically any agency that is running this piece of software on their servers has to shut them down and do a full forensic audit of their machines. Then they have to take whatever they find and present it to CISA.
Kinda silly if you ask me considering the government still runs its servers on Windows. Windows is the biggest security hole out there.
Curious if Trump is looking for bad actors in the government
Probably not. I mean this kind of thing is not rare in the government. All this document says in plain English is.....
Hey, software is not secure. Plz check for super cereal haxrz. Plz update and install all security patches because that will TOTALLY solve the problem.
Is it possible that this is the result of some super clandestine cyber warfare plot? Sure. But if it were, it wouldn't say that the threat is averted merely by updating the software.
🚨 The CCP is trying to take over our computers.
The adversary is trying to maintain their foothold.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
https://attack.mitre.org/tactics/TA0003/ The threat actors are using this to maintain persistence in the environment.
SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems. Disconnecting affected devices, as described below in Required Action 2, is the only known mitigation measure currently available.
CISA has determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on:
Current exploitation of affected products and their widespread use to monitor traffic on major federal network systems;
High potential for a compromise of agency information systems;
Grave impact of a successful compromise.
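Since the directive hinges on the affected version range quoted above (2019.4 through 2020.2.1 HF1, inclusive), here is an added example, not CISA's or SolarWinds' code, that parses Orion version strings including the hotfix suffix and sorts a constructed host inventory into affected, not affected and unknown buckets. Hostnames and version strings in the sample are made up for the example.

```python
import re
from typing import Optional, Tuple

# Affected range as quoted in the advisory text above (inclusive at both ends).
AFFECTED_LOW = "2019.4"
AFFECTED_HIGH = "2020.2.1 HF1"

# major.minor[.patch][ HFn]; the hotfix number must sort after the bare release.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_orion_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn '2020.2.1 HF1' into (2020, 2, 1, 1); a missing patch or hotfix counts as 0.
    Returns None for strings that do not look like an Orion version."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, hf = m.groups()
    return (int(major), int(minor), int(patch or 0), int(hf or 0))


def is_affected(version: str) -> Optional[bool]:
    """True if the version is inside the advisory's range, False if outside, None if unparseable."""
    v = parse_orion_version(version)
    if v is None:
        return None
    return parse_orion_version(AFFECTED_LOW) <= v <= parse_orion_version(AFFECTED_HIGH)


def triage_inventory(inventory):
    """Group a [(hostname, version_string)] list for the disconnect-and-audit decision."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in inventory:
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "not_affected")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions invented for this example).
SAMPLE_INVENTORY = [
    ("orion-prod-01", "2020.2.1 HF1"),   # last release inside the range
    ("orion-prod-02", "2020.2.1 HF2"),   # hotfix after the range: not affected
    ("orion-lab-01", "2019.4 HF5"),      # hotfix on the first affected release
    ("orion-old-01", "2019.2"),          # predates the range
    ("orion-dev-01", "n/a"),             # inventory gap: needs manual checking
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket should be treated as affected until the version is confirmed, since the directive's mitigation is disconnection rather than patching.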
Agencies report by 12pm tomorrow ... This is gonna be interesting.
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html