This is mostly a minimal issue, although all my newsfeeds were dominated this week by the SolarWinds hack anyway :-/
To my more recent subscribers: something went wrong with the signup process while I was on paternity break, causing you to miss last week's issue when I restarted. My apologies; you can catch up on that one here.
This was definitely the big one this week, my goodness. Turns out that the FireEye hack was just the tip of a very big iceberg. SolarWinds Orion, a network management platform, was compromised. And with it about 18,000 customers like Microsoft and Cisco, and a bunch of US government departments (Treasury, State, Health, Homeland Security, Energy, Nuclear Security and more).
This article seems to nicely sum up what we know so far, although more is definitely to come. There is so much more to read on it though, so I've added a few more articles to get you going if you want to dive deeper:
- A detailed technical writeup of the Sunburst malware by FireEye: link.
- Three articles from Brian Krebs on the hacks, in chronological order: Dec 14th, Dec 15th, Dec 16th.
- Sunburst’s C2 secrets reveal second-stage SolarWinds victims: link.
Besides the obvious reason, it definitely doesn't look great for SolarWinds. For one, it sounds like (part of?) the compromise was due to a hardcoded password "solarwinds123", which is so insanely stupid I have trouble believing it, but then again, sure. And apparently their management team was seen selling millions of dollars of shares before the news of the compromise broke. Tsk tsk.