2
cnnlies 2 points ago +2 / -0

GENTEXT/REMARKS/1. Due to recent unauthorized disclosures of CNSI and CUI, the Secretary of Defense mandated additional security measures be implemented to stem the illegal flow of classified and sensitive information outside the control of DOD.

CNSI == CLASSIFIED NATIONAL SECURITY INFORMATION

CUI == CONTROLLED CLASSIFIED INFORMATION

doesn't really get more official than this source admitting to leaks...

https://www.marines.mil/News/Messages/Messages-Display/Article/2449262/implementing-exit-checks-to-ensure-additional-protections-for-classified-nation/

who is willing to bet harris is the source of these newly mentioned leaks

3
cnnlies 3 points ago +3 / -0

how's it going noodlearm, you really should stop name dropping gnaa everywhere as if it actually means something.

1
cnnlies 1 point ago +1 / -0

consider this: what could the chances be that the ccp list of names that was just leaked is actually one of the CNSI leaks?

1
cnnlies 1 point ago +1 / -0

pay attention to the first points raised

  1. Due to recent unauthorized disclosures of CNSI and CUI, the Secretary of Defense mandated additional security measures be implemented to stem the illegal flow of classified and sensitive information outside the control of DOD.

2
cnnlies 2 points ago +2 / -0

the APT29 commies (https://en.wikipedia.org/wiki/Cozy_Bear)

access most likely happened from the admin read/write ftp access to solarwinds official download portal via exposed credentials in the github repo, see https://twitter.com/vinodsparrow/status/1338431183588188160

the solarwinds backdoor was the entrypoint in the fireeye breach.

the attackers then deployed a vmware 0day. here's the NSA's advisory attributing the vmware 0day to russia being the origin

https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF

-1
cnnlies -1 points ago +2 / -3

while china has hacked a lot of things, solarwinds is not attributed to china. these attackers show a far more tailored technical capability than anything china currently has the means to pull off.

4
cnnlies 4 points ago +4 / -0

it's definitely far worse than people realize. fireeye basically cooperates with our gov and most other govs to investigate nation-state sponsored attacks and such.

some takeaways after reading the main analysis of the backdoor

the attacker most definitely had knowledge of the inner workings of tailored access operations and possibly had training, as well as having performed enough operational security and information gathering to isolate and terminate their implant if they detected any traffic from known netblocks leased or utilized by intel such as the microsoft netblock 96.31.172.0/24, and the nokia netblock our NSA has used for numerous ops, 131.228.12.0/22

8
cnnlies 8 points ago +8 / -0

it's way worse than you think. solarwinds left admin creds for their ftp of their official download server in a github repo that ended up being discovered in nov 2019 and that was accessed by god knows who aside from the guy who reported it. while that is not enough access for them to implant the backdoor within the digitally signed .dll it's located in, it's more than enough of a starting point to obtain said access.

https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/

the solarwinds backdoor was used to gain access to fireeye's internal network where a vmware 0day was deployed for further lateral movement and compromise. they got data including fireeye's own weaponized exploits along with the weaponized exploits collected by fireeye during their many investigations of breaches across multiple organizations and entities, and this is just the beginning of what's coming to light now. expect to see a vast amount more information to come out over the next few days as more orgs verify the IOCs

2
cnnlies 2 points ago +2 / -0

"Eisen said that he was asked to “escort certain members in and out of the capitol” Monday, but that plan had a “monkey wrench” thrown into it when a “bomb threat” to Lansing was called in from Wisconsin."