[FRIAM] 5 agencies compromised

uǝlƃ ↙↙↙ gepropella at gmail.com
Tue Dec 15 12:33:02 EST 2020


Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

What I want to know is *how* did the trojan MSP update get on the SolarWinds server in the first place? Am I missing where they tell that part of the story? Or do they not know? At one security conference, I heard a nerd claim that Linux systems were trivial to hack. All you need is a weakness in their package/dependency management tool (e.g. Yum). Yikes!

Philosophically, we're closer and closer to the concept that data is code and code is data ... which for the psychology-obsessed, sounds a lot like pure behaviorism and some kind of holographic principle. (And note the paragraph on steganography in that article!)

-- 
↙↙↙ uǝlƃ


