
SolarWinds Hack

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#1
There is a lot of information this board is missing about this very serious breach. I will try to catch everyone up as I have not been able to post the last couple of days.

We are at WAR!

I'm sort of starting from the middle here but I will try to backtrack.


SOLAR WIND HACKERS GOT ACCESS TO SYSTEMS THROUGH GATES OUTLOOK WEB APP



Researchers from security firm Volexity said on Monday that it had encountered the same attackers in late 2019 and early 2020 as they penetrated deep inside of a think tank organization no fewer than three times.

During one of the intrusions, Volexity researchers noticed the hackers using a novel technique to bypass MFA protections provided by Duo. After having gained administrator privileges on the infected network, the hackers used those unfettered rights to steal a Duo secret known as an akey from a server running Outlook Web App, which enterprises use to provide account authentication for various network services.



The hackers then used the akey to generate a cookie, so they’d have it ready when someone with the right username and password would need it when taking over an account. Volexity refers to the state-sponsored hacker group as Dark Halo. Researchers Damien Cash, Matthew Meltzer, Sean Koessel, Steven Adair, and Thomas Lancaster wrote:



https://arstechnica.com/information-technology/2020/12/solarwinds-hackers-have-a-clever-way-to-bypass-multi-factor-authentication/
 

ABC123

#2
I read data on Chinese investments in the USA; a major part was with telecommunications and software companies. Posted last week from anon



https://www.citizen.org/article/chinese-investment-in-the-united-states-database/



SolarWinds’ Customers

SolarWinds’ comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions. Our customer list includes:



More than 425 of the US Fortune 500
All ten of the top ten US telecommunications companies
All five branches of the US Military
The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States
All five of the top five US accounting firms
Hundreds of universities and colleges worldwide

Partial customer listing:

Acxiom
Ameritrade
AT&T
Bellsouth Telecommunications
Best Western Intl.
Blue Cross Blue Shield
Booz Allen Hamilton
Boston Consulting
Cable & Wireless
Cablecom Media AG
Cablevision
CBS
Charter Communications
Cisco
CitiFinancial
City of Nashville
City of Tampa
Clemson University
Comcast Cable
Credit Suisse
Dow Chemical
EMC Corporation
Ericsson
Ernst and Young
Faurecia
Federal Express
Federal Reserve Bank
Fibercloud
Fiserv
Ford Motor Company
Foundstone
Gartner
Gates Foundation
General Dynamics
Gillette Deutschland GmbH
GTE
H&R Block
Harvard University
Hertz Corporation
ING Direct
IntelSat
J.D. Byrider
Johns Hopkins University
Kennedy Space Center
Kodak
Korea Telecom
Leggett and Platt
Level 3 Communications
Liz Claiborne
Lockheed Martin
Lucent
MasterCard
McDonald’s Restaurants
Microsoft
National Park Service
NCR
NEC
Nestle
New York Power Authority
New York Times
Nielsen Media Research
Nortel
Perot Systems Japan
Phillips Petroleum
Pricewaterhouse Coopers
Procter & Gamble
Sabre
Saks
San Francisco Intl. Airport
Siemens
Smart City Networks
Smith Barney
Smithsonian Institute
Sparkasse Hagen
Sprint
St. John’s University
Staples
Subaru
Supervalu
Swisscom AG
Symantec
Telecom Italia
Telenor
Texaco
The CDC
The Economist
Time Warner Cable
U.S. Air Force
University of Alaska
University of Kansas
University of Oklahoma
US Dept. Of Defense
US Postal Service
US Secret Service
Visa USA
Volvo
Williams Communications
Yahoo





https://web.archive.org/web/20201213230906/https://www.solarwinds.com/company/customers
 

ABC123

#4
Real Estate, Technology, Distribution Sectors Are Top Targets for Chinese Investment

Total Chinese investment in the U.S. economy has reached over $145 billion. This includes more than 50 acquisitions of American assets worth at least $50 million each in 2016, a high-water mark for inbound Chinese investment. Since 2011, the Chinese have invested heavily in different sectors of the American economy, mostly through acquisitions rather than new investments. More may be on the way, as China’s outbound FDI is low relative to the size of China’s economy.

SOURCE: Public Citizen’s Chinese Corporate Investment Database

Billion-Dollar Acquisitions in Energy Extraction and Other Sectors Helping to Create Constituency for “Investor-State”-Style Protections

A proposed U.S.-China Bilateral Investment Treaty (China BIT) would grant Chinese firms broader rights than exist currently to purchase U.S. firms, land and other assets. This treaty would newly expose the U.S. government to demands for compensation from Chinese investors and firms operating in the United States through investor-state dispute settlement (ISDS). Chinese investors have already made U.S. investments in sectors that have been subject to a significant number of ISDS claims in other countries (such as energy extraction) and that have generated the most egregious ISDS cases brought to date by foreign investors against sovereign governments. (Entities that are government controlled are denoted by *)

Sinopec* | Oil & Gas Assets (Five new venture plays) | 2012 | 2.4
CNOOC* | Oil & Gas Assets (Eagle Ford Shale in Texas) | 2010 | 2.2
Sinochem* | Oil & Gas Assets (Wolfcamp Shale in Texas) | 2013 | 1.7
China Investment Corp* | The AES Corp (Virginia) | 2009 | 1.6
CNOOC* | Chesapeake Energy Corp (Colorado & Wyoming) | 2011 | 1.3
Yantai Xinchao | Tall City and Plymouth Petroleum (Texas) | 2015 | 1.1
Sinopec* | Oil & Gas Assets (Oklahoma) | 2013 | 1.0
SOURCE: Public Citizen’s Chinese Corporate Investment Database
Top 15 Chinese Government Entities and Corporate Conglomerates with Ties to the Chinese Government Account for Nearly 60 Percent of Chinese Investment in the United States

A majority of Chinese investments in the United States either come from government controlled entities (e.g. the sovereign wealth fund China Investment Corporation, Sinopec, CNOOC) and government agencies (e.g. SAFE) OR the top Chinese conglomerates with close connections to the Chinese government, ranging from companies that are influenced by the government (e.g. WH Group/Shuanghui) to ones strongly linked to the government (e.g. HNA Group). Many ostensibly private companies enjoy links (in the form of relationships and financing) to the Chinese government that are not typically recognized (e.g. WH Group/Shuanghui). The China BIT would provide the same rights to Chinese government and non-government entities alike.

HNA Group | 14.1 | 9% | State-linked
Dalian Wanda Group Corp Ltd | 10.7 | 7% | State-linked
China Investment Corp | 8.9 | 6% | State-owned enterprise
Anbang Insurance Group Co Ltd | 7.9 | 5% | State-linked
HNA Group Co Ltd | 7.6 | 5% | State-linked
Hainan Traffic Control Holding Co Ltd | 2.0 | 1% | State-linked
SOURCE: Public Citizen’s Chinese Corporate Investment Database
Notes: “State-linked” = No government ownership but evidence exists of well-known relationships with government entities or current/former government officials. “State-influenced” = No government ownership but evidence exists of relationship between organization’s activities and government incentives/mandates, such as five-year plans, or favorable financing from state-owned banks.



https://www.citizen.org/article/chinese-investment-in-the-united-states-database/
 

ABC123

#5
SolarWinds Opens New Office in Washington, DC Metro Area



February 19, 2015



SolarWinds opened a new office in the heart of the Dulles Technology Corridor. “For years, SolarWinds has been helping federal government agencies tackle critical IT management challenges such as increasingly complex networks, perilous cybersecurity threats and restrictive budgets,” said David Kimball, Group VP- Federal, SolarWinds. “Our new office is a testament to our focus on serving the federal government and the contractors that support them. We’ve planted roots, grown our team, and developed critical relationships with federal IT pros to ensure we continue to address their ever-changing challenges and needs.” To better serve its federal customers, including those in nearly every branch of the DoD and the majority of civilian and intelligence agencies, SolarWinds has opened a new office in Herndon, Virginia at 2250 Corporate Park Drive, Suite 210, which hosts much of the fast-growing company’s federal government team. Meet the SolarWinds Federal Team and enjoy complimentary appetizers and cocktails at an Open House at the new Herndon office Tuesday, March 3 from 3:00-6:00 p.m. EST. Please RSVP to attend.



SolarWinds Solutions for Government:



- SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, Department of Defense ESI, and other contract vehicles.

- U.S. Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS; and Technical Requirements include FIPS compatibility, DISA STIGs, National Institute of Standards and Technology (NIST) compliance, and Common Criteria EAL 2 Certification, Section 508 VPATs.

- SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of all major auditing authorities, including DISA STIG, FISMA, NIST, and more.

- SolarWinds’ thwack online user community provides a number of out-of-the-box compliance report templates available to download for free that are designed to help users prepare for an inspection. thwack also provides information on Smart Card and Common Access Card (CAC) product support.

https://www.apmdigest.com/solarwinds-opens-new-office-in-washington-dc-metro-area
 

ABC123

#6
https://thehill.com/policy/cybersecurity/530143-dhs-hacked-as-part-of-massive-nation-state-cyberattack-on-federal



The Department of Homeland Security (DHS) was successfully breached as part of a major attack on U.S. federal agencies by suspected Russian hackers, Reuters reported Monday.

Reuters cited “people familiar with the matter” in reporting that hackers believed to be working for the Russian government had successfully gained access to internal communications within DHS.

DHS spokesperson Alexei Woltornist did not directly confirm the breach, but told The Hill that “the Department of Homeland Security is aware of reports of a breach” and “are currently investigating the matter.”

The report comes the day after Reuters first reported that both the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration had also been breached as part of an attack backed by a foreign government. The Washington Post attributed the breach to a prolific Russian military hacking group known as “Cozy Bear.”

The incident involved the hackers taking advantage of a vulnerability in software from IT vendor SolarWinds used by multiple federal agencies, along with the majority of U.S. Fortune 500 companies.


Earlier on Monday, Woltornist put out a separate statement noting that “The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response.”

DHS’s Cybersecurity and Infrastructure Security Agency (CISA) put out an emergency directive on Sunday night telling all federal agencies to immediately disconnect systems running SolarWinds products, giving agencies until noon on Monday to report to CISA that they had completed this process.

“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation,” acting CISA Director Brandon Wales said in a statement on Sunday.

"The most secure election in history" - CISA
 

ABC123

#7
https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach?



Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach



EXECUTIVE SUMMARY
SolarWinds announced on Sunday that the SolarWinds Orion Platform network monitoring product had been modified by a state-sponsored threat actor via embedding backdoor code into a legitimate SolarWinds library. This leads to the attacker having remote access into the victim’s environment and a foothold in the network, which can be used by the attacker to obtain privileged credentials. SolarWinds breach is also connected to the FireEye breach. In this article, we analyzed tactics, techniques, and procedures utilized by threat actors of the SolarWinds incident to understand their attack methods and the impact of this breach.

Key Findings
  • It is a global attack campaign that started in March 2020 and is ongoing.
  • The attack campaign has the potential to affect thousands of public and private organizations.
  • The attack started with a software supply chain compromise attack.
  • Threat actors trojanized a component of the SolarWinds Orion Platform software, dubbed as SUNBURST by FireEye [1].
  • The backdoored version of the software was distributed via its automatic update mechanism.
  • Attackers heavily used various defense evasion techniques such as masquerading, code signing, obfuscated files or information, indicator removal on host, and virtualization/sandbox evasion.
  • The threat actor leverages ten different MITRE ATT&CK tactics, including Lateral Movement, Command and Control, and Data Exfiltration.
  • Used techniques indicate that the threat actors are highly skilled.

article continues…
 

ABC123

#8
https://twitter.com/CodeMonkeyZ/status/1338878113879474179

cap of

https://twitter.com/su13ym4n/status/1338870154596380673

cap of

https://twitter.com/PicusSecurity/status/1338866931567226880

Leads to article
 

EO 11110

CENSORSHIP KILLS
Mother Lode
Site Supporter ++
Joined
Jul 31, 2010
Messages
18,451
Likes
17,536
Location
clown world
#9
shutdown ordered sunday night. trying to get ahead of something happening monday?

https://www.crn.com/news/security/fireeye-us-federal-agencies-hacked-through-solarwinds-report

The U.S. government late Sunday night called on all federal civilian agencies to power down SolarWinds Orion products immediately because they are being used as part of an active security exploit.

An emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) comes “in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors,” according to the notice. “This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales in the directive. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”

The directive instructs all agencies operating SolarWinds products to report that they have completed the shutdown by noon ET Monday.
CISA issued the directive following a report that the SolarWinds Orion IT management tool had been used to hack several federal agencies.


The U.S. Treasury and the U.S. Commerce Departments were breached through SolarWinds as part of a Russian government campaign, The Washington Post reported. It is unclear whether a breach last week of security vendor FireEye was also linked to SolarWinds.

IT infrastructure management vendor SolarWinds disclosed Sunday that it experienced a highly sophisticated, manual supply chain attack on versions of its Orion network monitoring product released between March and June of this year. The company said it’s been told the attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, though no specific country was named.

A FireEye blog post states that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software, but didn’t disclose the identity of any of the victims. FireEye said it’s been working closely with SolarWinds, the Federal Bureau of Investigation, and other key partners.

While hackers over the past two years have taken advantage of the tools MSPs rely on to manage customer IT systems, the tools utilized in this breach do not appear to be linked to SolarWinds’ MSP business.

The Orion platform supports SolarWinds’ traditional IT infrastructure management business and isn’t connected to the SolarWinds MSP business built through acquisitions in recent years. The company said it isn’t aware of any impact to its remote monitoring and management (RMM), N-Central and associated SolarWinds MSP products from the attack on Orion.

Austin, Texas-based SolarWinds last week named Pulse Secure’s Sudhakar Ramakrishna as its next CEO, and has been examining a spin-out of its MSP tools business for months. SolarWinds said its technology is used by the Pentagon, all five branches of the U.S. military, the State Department, NASA, the NSA, the Postal Service, the National Oceanic Atmospheric Administration, the Department of Justice, and the Office of the President of the United States.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council Spokesman John Ullyot told The Washington Post.

FireEye made the shocking disclosure Tuesday that it suffered a security breach in what’s believed to be a state-sponsored attack designed to gain information on some of the firm’s government customers. The attacker could access some of FireEye’s internal systems but apparently didn’t exfiltrate data from the company’s primary systems that store customer information, the threat intelligence vendor said.

The threat actor, however, stole FireEye’s Red Team security assessment tools, and FireEye said it isn’t sure if the attacker plans to use the stolen tools themselves or publicly disclose them. FireEye’s stock has plunged $1.69 (10.9 percent) to $13.83 per share since the hack was disclosed after the market closed Tuesday.

The Washington Post reported Sunday that the hackers with the Russian intelligence service—known as APT29—who attacked FireEye also compromised the Treasury and Commerce departments as well as other U.S. government agencies. The breaches have been taking place for months and may amount to an operation as significant as the State Department and White House hacks during the Obama years.

There is concern within the U.S. intelligence community that the hackers who targeted Treasury and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, Reuters reported Sunday. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, according to Reuters.

APT29 also compromised the Democratic National Committee servers in 2015 but didn’t end up leaking the hacked DNC material. Instead, the Russian military spy agency GRU separately hacked the DNC and leaked its emails to WikiLeaks in 2016, The Post said.

The Washington Post said that APT29 hacks for traditional espionage purposes, stealing secrets that can be useful for the Kremlin to understand the plans and motives of politicians and policymakers. Group members have stolen industrial secrets, hacked foreign ministries and, more recently, have attempted to steal coronavirus vaccine research, according to The Post.
 

EO 11110

#10
https://www.zdnet.com/article/micro...ers-seize-key-domain-used-in-solarwinds-hack/

Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter.

The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app.
SolarWinds Orion updates versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, contained a strain of malware named SUNBURST (also known as Solorigate).
Once installed on a computer, the malware would sit dormant for 12 to 14 days and then ping a subdomain of avsvmcloud[.]com.
According to analysis from security firm FireEye, the C&C domain would reply with a DNS response that contained a CNAME field with information on another domain from where the SUNBURST malware would obtain further instructions and additional payloads to execute on an infected company's network.
Takedown to prevent last-ditch hacks
Earlier today, a coalition of tech companies seized and sinkholed avsvmcloud[.]com, transferring the domain into Microsoft's possession.
Sources familiar with today's actions described the takedown as "protective work" done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers.

Even if the SolarWinds hack became public on Sunday, the SUNBURST operators still had the ability to deploy additional malware payloads on the networks of companies that failed to update their Orion apps and still have the SUNBURST malware installed on their networks.
In SEC documents filed on Monday, SolarWinds estimated that at least 18,000 customers installed the trojanized Orion app update and most likely have the first-stage SUNBURST malware on their internal networks.
However, the hackers do not appear to have taken advantage of all these systems and only carried out a handful of carefully-orchestrated intrusions into the networks of high-profile targets.
This was confirmed in a report on Monday from US security firm Symantec, which said that it discovered the SUNBURST malware on the internal networks of 100 of its customers, but it did not see any evidence of second-stage payloads or network escalation activity.
Similarly, Reuters also reported on Monday, confirmed with independent sources by ZDNet, that many companies that installed the trojanized Orion app update did not discover evidence of additional activity and escalation on internal networks, confirming that hackers only went after high-profile targets.
Since Sunday, when the SolarWinds hack came to light, the number of confirmed victims has grown to include:
  • US cybersecurity firm FireEye
  • The US Treasury Department
  • The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
  • The Department of Health's National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State
Sinkholing efforts underway to discover all victims
Currently, the avsvmcloud[.]com domain redirects to an IP address owned by Microsoft, with Microsoft and its partners receiving beacons from all the systems where the trojanized SolarWinds app has been installed.
This technique, known as sinkholing, is allowing Microsoft and its partners to build a list of all infected victims, which the organizations plan to use to notify all affected companies and government agencies.
"This is not the first time a domain associated with malware has been seized by international law enforcement and even by a provider," ExtraHop CTO Jesse Rothstein told ZDNet in an email, referring to Microsoft's previous takedown and sinkholing efforts against the Necurs and TrickBot botnets.
Current takedown and sinkholing efforts also include representatives for the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, looking to find other US government agencies that might have been compromised.
Due to SolarWinds' extensive US government clientele, government officials are treating the SolarWinds compromise as a national security emergency. A day before the SolarWinds breach became public, the White House held a rare meeting of the US National Security Council to discuss the hack and its repercussions.
Indicators of compromise and instructions on how to discover and deal with a SUNBURST malware infection are available from Microsoft, FireEye, and CISA.
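
The beaconing behaviour described in the ZDNet article quoted in post #10, as an added detection example that is not part of the original post or of any vendor's tooling: it scans DNS resolver logs for clients that looked up names under avsvmcloud[.]com and raises the priority of any client that received a CNAME answer, since the article says that answer pointed to the domain serving further instructions. The log layout, sample lines, hostnames and addresses are constructed for this example.

```python
"""Added example: triage DNS logs for SUNBURST beaconing (constructed data)."""
from dataclasses import dataclass, field

# C2 domain named in the quoted article (written there in defanged form).
C2_DOMAIN = "avsvmcloud.com"

# Constructed sample log. The whitespace-separated layout
# (timestamp, client IP, query type, query name, answer type, answer data)
# is an assumption for this example, not a real resolver's format.
SAMPLE_LOG = """\
2020-12-10T08:01:12Z 10.0.4.21 A www.example.org. A 192.0.2.10
2020-12-10T08:02:40Z 10.0.4.21 A k3constructed.region1.avsvmcloud.com. A 203.0.113.10
2020-12-11T09:15:03Z 10.0.7.5 A q9constructed.region1.AVSVMCLOUD.com CNAME next-stage.example.net.
2020-12-11T09:20:44Z 10.0.7.5 A r2constructed.region1.avsvmcloud.com. A 203.0.113.11
2020-12-11T10:00:00Z 10.0.9.9 A notavsvmcloud.com. A 198.51.100.7
2020-12-11T10:05:00Z 10.0.9.9 A avsvmcloud.com.lookalike.example. A 198.51.100.8
2020-12-11T10:30:00Z 10.0.2.2 A
2020-12-12T11:30:00Z 10.0.4.21 A k4constructed.region1.avsvmcloud[.]com NXDOMAIN -
"""


def normalize(name: str) -> str:
    """Lower-case a DNS name, refang '[.]' and drop the trailing root dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")


def is_c2_subdomain(qname: str, domain: str = C2_DOMAIN) -> bool:
    """True for the domain itself or any name under it.

    Matching is done on a label boundary, so 'notavsvmcloud.com' and
    'avsvmcloud.com.lookalike.example' do not match.
    """
    name = normalize(qname)
    domain = normalize(domain)
    return name == domain or name.endswith("." + domain)


@dataclass
class HostFinding:
    client: str
    first_seen: str
    last_seen: str
    queries: int = 0
    cname_targets: set = field(default_factory=set)

    @property
    def priority(self) -> str:
        # A CNAME answer means the client was pointed at a follow-on domain,
        # so that host is investigated first.
        return "high" if self.cname_targets else "review"


def triage(log_text: str):
    """Return ({client_ip: HostFinding}, number_of_malformed_lines)."""
    findings = {}
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 6:
            skipped += 1  # truncated or unexpected line: count it, do not guess
            continue
        ts, client, _qtype, qname, rtype, rdata = parts
        if not is_c2_subdomain(qname):
            continue
        finding = findings.get(client)
        if finding is None:
            finding = findings[client] = HostFinding(client, ts, ts)
        # ISO-8601 UTC timestamps in one format sort correctly as strings.
        finding.first_seen = min(finding.first_seen, ts)
        finding.last_seen = max(finding.last_seen, ts)
        finding.queries += 1
        if rtype.upper() == "CNAME":
            finding.cname_targets.add(normalize(rdata))
    return findings, skipped


if __name__ == "__main__":
    hosts, bad_lines = triage(SAMPLE_LOG)
    for host in sorted(hosts.values(), key=lambda h: h.priority):
        targets = ", ".join(sorted(host.cname_targets)) or "-"
        print(f"{host.priority:6} {host.client:10} queries={host.queries} "
              f"first={host.first_seen} last={host.last_seen} cname={targets}")
    print(f"malformed lines skipped: {bad_lines}")
```

Because the domain has been sinkholed, a lookup logged after the takedown still shows that the trojanized Orion build is installed on that client, even though the answer now comes from the sinkhole.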
 

EO 11110

#11
uh oh.....attempt to 'debunk'

https://www.dailydot.com/debug/solarwinds-hack-dominion-debunk/

How the SolarWinds hack became the new focus of election fraud conspiracies

Conspiracy theorists are suggesting that Dominion is connected to a large-scale hack.

Dec 15, 2020, 8:21 am*

Tech

Mikael Thalen


Conspiracy theorists are attempting to link a large-scale hack of U.S. federal agencies to debunked claims of widespread voter fraud.
The conspiracies began unfolding Sunday after it was revealed that the U.S. Treasury Department and the U.S. Commerce Department had been the victims of a sophisticated hack.
The breach, which experts have linked to APT 29, a Russian government hacking group also known as "Cozy Bear," is said to have compromised numerous systems including the email communications at several federal agencies.
The hack appears to have been made possible after a breach at SolarWinds, a Texas-based IT company that provides services to numerous federal agencies.
The targeting of SolarWinds reportedly began as early as spring and resulted in a network monitoring tool known as Orion being backdoored by the hackers.
The total scope of the clandestine operation is still unknown as federal investigators work to unravel the months-long effort. SolarWinds admitted in a disclosure to the Securities and Exchange Commission on Monday that around 18,000 of its more than 300,000 customers—which includes both government entities and countless Fortune 500 companies—had been vulnerable.
News of the hack came just days after it was learned that cybersecurity firm FireEye had been breached as well. Experts believe the incident, which resulted in the theft of the company's hacking tools, is tied to the same wide-scale hacking campaign.
Conspiracy theorists, including Ron Watkins, the former 8chan administrator, insinuated on Monday that election results may not be trustworthy given that Dominion Voting Systems appeared to be a customer of SolarWinds.
The election technology firm has been at the center of countless debunked conspiracy theories since Trump lost the election, including the outlandish claim that U.S. Army soldiers were killed while seizing a Dominion server run by the CIA in Germany that was designed to manipulate U.S. votes.
"Dominion Voting Systems uses SolarWinds products and it is still not powered down," Watkins wrote. "Was Dominion Voting Systems a target? Was Dominion Voting Systems hacked?"
Dominion Voting Systems uses SolarWinds products and it is still not powered down.

Was Dominion Voting Systems a target?
Was Dominion Voting Systems hacked? https://t.co/YJVHPilN1R https://t.co/JDWWFVfofr https://t.co/MSgJ7yxoFY pic.twitter.com/hbaLZSYSPF
— Ron (@CodeMonkeyZ) December 14, 2020
Watkins shared a screenshot of a mobile login portal seemingly running on SolarWinds technology.
The screenshot was immediately picked up by far-right outlets such as the Gateway Pundit and was cited by supporters of the president as the latest evidence of voter fraud.
In a statement to the Daily Dot, however, Dominion said that at no point has it ever used the Orion tool from SolarWinds that allowed the hackers to breach targeted systems.
"Dominion Voting Systems does not now—nor has it ever—used the SolarWinds Orion Platform, which was subject of the DHS emergency directive dated December 12, 2020," a Dominion spokesperson said.
SolarWinds declined to provide a comment to the Daily Dot on the matter given the ongoing investigation into the breach.
Like all other election fraud-related conspiracies, the SolarWinds claim will likely fade from prominence once Trump supporters find new allegations to latch onto.
SolarWinds described the hack as "a narrow, extremely targeted, and manually executed attack," suggesting that the hackers were intent on going after specific systems
 

ABC123

#12
Oh, I forgot! Read yesterday the Texas Rangers raided the SolarWinds HQ in Austin yesterday. Don't have an article handy.
 

newmisty

Transcending the 5 Elements
Midas Member
Site Supporter ++
Joined
Mar 31, 2010
Messages
34,984
Likes
55,555
Location
Qmerica
#13

newmisty

#16
Wtf? My link is linking to farcebook...
 

ABC123

#17
Pentagon imposed emergency shutdown of computer network handling classified material



https://justthenews.com/government/security/pentagon-imposed-emergency-shutdown-computer-network-handling-classified
Updated: December 15, 2020 - 4:39pm
 

newmisty

#18
BREAKING BIG: CISA Emergency Directive Calls on ALL Federal Civilian Agencies to Review Compromise and Disconnect or Power Down SolarWinds Orion Products Immediately



BREAKING BIG — The Cybersecurity and Infrastructure Security Agency (CISA) on Sunday night issued Emergency Directive 21-01, in response to a KNOWN COMPROMISE involving SolarWinds Orion products.
This was only the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015.




Via the Cybersecurity and Infrastructure Security Agency.
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.


“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a complete report to CISA by 12 pm Eastern Standard Time on Monday, December 14, 2020.
The liberal media is blaming the attack and breach on the ‘Russians’?



Jim Hoft


https://www.thegatewaypundit.com/20...-power-solarwinds-orion-products-immediately/
 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#19
https://theconservativetreehouse.com/2020/12/14/the-solarwinds-orion-data-breach-into-federal-and-civilian-organizations-highlights-a-silent-agenda-by-foreign-actors/
 

the_shootist

Old (not THAT old), but dangerous, pasty white guy
Midas Member
Midas Supporter ++
Joined
May 31, 2015
Messages
56,543
Likes
106,097
Location
Earth
#20
Downright scared.....OOOOOOOOOOOOOOOOOOOOOOOOO!!! Useless politicians!

 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#21

https://twitter.com/zackwhittaker/status/1338934516111564805?s=21



John Podesta probably made everyone’s password for them.
 

the_shootist

Old (not THAT old), but dangerous, pasty white guy
Midas Member
Midas Supporter ++
Joined
May 31, 2015
Messages
56,543
Likes
106,097
Location
Earth
#22
https://twitter.com/zackwhittaker/status/1338934516111564805?s=21



John Podesta probably made everyone’s password for them.
I seriously doubt this is true. Don't buy everything people post on Twat-her!
 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#23
The SIPRnet shutdown is because of the compromised SolarWinds Orion thing. Which is essentially a network monitoring and management system, by its very definition deeply engrained into the network infrastructure that it manages and monitors. And this Orion thing was mighty popular with both big gov and transnational corps.

$10 say that the scale of this thing is so BIG, the Orion "hack" was a clown op - Probably the central building block of the infamous HAMR access platform. And someone at the C_A "lost" one of the command & control access keys while the Chinese then "found" exactly that key. Who knows to whom else the Chinese gave access.

Literally everything of value has been compromised, and then shit got out of hand really bad.


WHISTLEBLOWER ABOUT SIPRNET BEING FULL OF CP AND CHILD PROSTITUTES FOR HIGH RANKING MILITARY MEMBERS

FIRST 5 MINUTES ALL ABOUT SIPRNET

https://www.bitchute.com/video/PmLHLgKH74tJ/
 

the_shootist

Old (not THAT old), but dangerous, pasty white guy
Midas Member
Midas Supporter ++
Joined
May 31, 2015
Messages
56,543
Likes
106,097
Location
Earth
#25

Aurumag

Ag mirror of truth Aurum purity of mind
Midas Member
Site Supporter ++
Joined
Mar 31, 2010
Messages
12,477
Likes
17,867
Location
State of Jefferson
#26
I think he is Korean.
I wonder if this guy's name is on the list of Chinese spies just released! Wouldn't that be something?

More importantly:
Since Sunday, when the SolarWinds hack came to light, the number of confirmed victims has grown to include:
  • US cybersecurity firm FireEye
  • The US Treasury Department
  • The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
  • The Department of Health's National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State
FireEye, CISA, DHS and DOS are the bell-ringers.
 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#27

https://investors.solarwinds.com/corporate-governance/management/default.aspx
 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#29

https://twitter.com/RealMattCouch/status/1338645782220697607
 

newmisty

Transcending the 5 Elements
Midas Member
Site Supporter ++
Joined
Mar 31, 2010
Messages
34,984
Likes
55,555
Location
Qmerica
#34
Downright scared.....OOOOOOOOOOOOOOOOOOOOOOOOO!!! Useless politicians!

Thanks for making me smile. Needed that.

"asks for declassification of what's known and unknown"

Which of course is code for, "PLEASE!!! I really need to know if you guys have dirt on me!!!"

I want to make a bumper sticker: "What's in your closet?"
 

Goldhedge

Moderator
Site Mgr
Sr Site Supporter
GIM Hall Of Fame
Joined
Mar 28, 2010
Messages
56,344
Likes
110,605
Location
Rocky Mountains
#35
$21.97 where he sold at on Monday.

Screen Shot 2020-12-15 at 11.43.21 PM.png


Screen Shot 2020-12-15 at 11.45.07 PM.png
 

Goldhedge

Moderator
Site Mgr
Sr Site Supporter
GIM Hall Of Fame
Joined
Mar 28, 2010
Messages
56,344
Likes
110,605
Location
Rocky Mountains
#36
Trump did say these next 3 days would be interesting...
 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#37
US Security Adviser O'Brien Cuts Trip Short to Address Hacking Incident



White House National Security Adviser Robert O'Brien has cut his diplomatic trip in Europe short to return to the United States to address the recent hacking incident that targeted multiple federal agencies, National Security Council spokesman John Ullyot said in a statement.

"Ambassador O'Brien is returning to address the hacking incident," the spokesman said as quoted by the Wall Street Journal on Tuesday.

The report said O'Brien will be in meetings Tuesday evening and Wednesday morning followed by a high-level interagency meeting later this week.

O'Brien was on diplomatic business and was scheduled to return on Saturday. He concluded trips to Israel and France but had scheduled stops later this week in Italy, Germany, Switzerland, and the United Kingdom.

On Sunday, US media reported that a hacking group allegedly backed by a foreign government had stolen data from the Treasury Department and the National Telecommunications and Information Administration.

The Washington Post reported that a hacking group called APT29, also known as "the Dukes" or "Cozy Bear," allegedly linked to the Russian government, was likely behind the hacking but provided no proof for its claims.

The hackers reportedly got access by compromising the Texas-based SolarWinds software. The company provides remote information technology services around the world, including several US government agencies and the military.

The Russian Embassy in the United States said US media reports accusing Russian hackers of the recent cyber-attacks are unfounded.



https://sputniknews.com/us/202012161081474412-us-security-adviser-obrien-cuts-trip-short-to-address-hacking-incident/
 

ABC123

Midas Board Mmbr
Platinum Bling
Site Supporter ++
Joined
Apr 10, 2010
Messages
9,153
Likes
19,573
#38

https://twitter.com/SputnikInt/status/1339274341817585665