Three authoritative articles on the massive attack on Western systems

1. From an excellent source:

2. The Strategic Implications of SolarWinds

(Article from left leaning site, but we are told, this is a good summation. Apparently, ONLY the Penatgon has not been hit.)

Recent reports of a widespread Russian cyber infiltration across U.S. government networks are a sign of how great power competition will play out in the 21st century. The new great power game is digital, with the shadowy alleys and cafes of Cold War spy games replaced by massive data breaches and compromising corporate security. Some strategies see this world as dominated by offensive operations—but the SolarWinds case suggests the opposite. The U.S. Cyber Solarium Commission, on which we served, found that the future of cybersecurity strategy will come to rely on layered cyber deterrence to enable defensive denial operations, international entanglement and cost imposition when aggressors defy the norms of the international system. The SolarWinds hack emphasizes the importance of implementing this strategy. 

It’s simpler to list the agencies that have not been caught up in the SolarWinds infiltration, which was run by Russian hacking group APT29 under the umbrella of the Russian intelligence services, the SVR. So far, only the intelligence community has not been reported to have been breached. 

3. Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.

One of the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products (see Appendix A).

  • Orion Platform 2019.4 HF5, version 2019.4.5200.9083
  • Orion Platform 2020.2 RC1, version 2020.2.100.12219
  • Orion Platform 2020.2 RC2, version 2020.2.5200.12394
  • Orion Platform 2020.2, 2020.2 HF1, version 2020.2.5300.12432

Note (updated December 19, 2020): CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform. Specifically, we are investigating incidents in which activity indicating abuse of SAML tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified. CISA is working to confirm initial access vectors and identify any changes to the TTPs. CISA will update this Alert as new information becomes available.

Thank you ML for these materials. 

About Eeyore

Canadian artist and counter-jihad and freedom of speech activist as well as devout Schrödinger's catholic

3 Replies to “Three authoritative articles on the massive attack on Western systems”

  1. As is usual the left wants to replace human intelligence with technical intelligence (signals intercept, hacking etc) you need both types of intelligence if you are going to remain an independent nation and not a client state.

  2. So many agencies were attacked and it started quite some time ago. It makes me wonder if some among the staff are compromised (Kompromat)