Well that briefed well... but what box does that Orion SolarWinds sit on smart ass?
$100,000,000 says it’s not on a standalone.
If you installed the update on your box and they pivot then they have root access to your OS and box. Are you starting to see the bigger picture yet? Good
You can always tell who monitors green and red nodes on a map and who actually configures and secures the network and assets that allow you to monitor said network.
Here’s an idea, instead of us having a pissing contest, let’s work together towards a logical solution.
CISA is investigating incidents that exhibit adversary TTPs consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. Volexity has also reported publicly that they observed the APT using a secret key that the APT previously stole in order to generate a cookie to bypass the Duo multi-factor authentication protecting access to Outlook Web App (OWA).[1] Volexity attributes this intrusion to the same activity as the SolarWinds Orion supply chain compromise, and the TTPs are consistent between the two. This observation indicates that there are other initial access vectors beyond SolarWinds Orion, and there may still be others that are not yet known.>
Link from quote pay attention to the URL:
Well that briefed well... but what box does that Orion SolarWinds sit on smart ass?
$100,000,000 says it’s not on a standalone.
If you installed the update on your box and they pivot then they have root access to your OS and box. Are you starting to see the bigger picture yet? Good
You can always tell who monitors green and red nodes on a map and who actually configures and secures the network and assets that allow you to monitor said network.
Here’s an idea, instead of us having a pissing contest, let’s work together towards a logical solution.