Discover and read the best of Twitter Threads about #SolarWinds

Most recents (24)

Happening now: Our CEO Kevin Mandia is joining a panel at #RSAC discussing lessons learned from the #SolarWinds cyber breach & how businesses can transform to face tomorrow’s cyber threats.
Asked about increasing sophistication in #cybersecurity, Kevin says that “in 2021 we saw over 70 zero days. Hackers are gaining capabilities & there is enough money in cybercrime that actors are buying zero days.”
“I don’t think the #cybersecurity landscape looks remarkably different in 2022, but we do see nations states and cyber criminals becoming more sophisticated. The lesson from this is that we have to make cyber security national security.” - @CISAJen during the #RSAC panel.
Read 8 tweets
Just received a response from @GETTRofficial to our @tl_eng report. Their Global Communications Director @ebonybowden has emailed and asked us to publish a series of comments from their CEO @JasonMillerinDC. So we are. 1/
This thread will address Miller’s rebuttals point-by-point. In the images attached to these tweets, when GETTR quotes our article the text appears in quotation marks. GETTR responses appear in bold type.

Read our original @tl_eng report here: 2/ talkliberation.substack.com/p/gettr-app-re…
Miller admits @GETTRofficial user data is supplied to Facebook and Google, because GETTR’s growth strategy is dependent upon feeding data to #BigTech. Miller says the info is not shared with anyone else, but it is public knowledge that Fbook & Google share data with partners. 3/
Read 18 tweets
#Russia|n hackers behind the massive #SolarWinds hack are at it again - targeting +140 tech service providers since May, per @Microsoft's @TomBurt45

"To date we believe as many as 14 of these resellers & service providers have been compromised"
blogs.microsoft.com/on-the-issues/…
The #Russia|n hackers are "attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain" per @Microsoft's @TomBurt45
The #Russia|n group, aka #Nobelium, "ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems & more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers" per @Microsoft
Read 8 tweets
1/ - New week, new breach, and new thread. Previous week's thread can be found here: @epikfailleaks @davetroy @emilymolli @MikaelThalen
2/ - and also here: . Many of these are early conclusions and will change as the data becomes better and more sources come forward.
3/ - First revelation. @ClaremontInst and @CMCnews are hosting their Usenet group, new.claremont.edu, on @Giganews and #DataFoundry, who are being investigated for child pornography by the State of New Mexico and @Austin_Police: ladailypost.com/ag-balderas-ex…
Read 33 tweets
"Some of the leading threats to the American way of life are #cyber enabled - from espionage to influence to attack" Deputy National Security Advisor for Cyber Anne Neuberger tells #AspenSecurity
Sanctions vs #Russia but not #China for malign #cyber behavior?

"#SolarWinds was not the 1st case of aggressive Russian cyber activity in int'l space" per @WHNSC's Neuberger
"In the case of #China, there's still that building of consensus around malicious cyber activity, around the need to call it out together" w/allies, per @WHNSC's Neuberger, adding that it "doesn't preclude follow-on activity"

#cyber
Read 13 tweets
🚨BREAKING: hackers linked to #Russian🇷🇺intel have breached @USAID’s @ConstantContact account in an ONGOING ATTACK to send spearphishing emails to >3,000 accounts at >150 organizations—many such groups have been critical of Putin’s human rights violations.
nytimes.com/2021/05/28/us/…
Microsoft says #Nobelium is behind the attack—the same #Russian🇷🇺hackers behind the #SolarWinds hack that was the work of the SVR, a spinoff from the KGB.

The SVR was behind the hack of the @DNC in 2016, and attacks on the Pentagon, the WH email system and the State Department🤬
#Russia’s🇷🇺latest cyberattack began after @POTUS imposed new sanctions on #Russian individuals and assets for the #SolarWinds cyberattack—including restrictions on purchasing #Russia’s sovereign debt, making it more difficult for Russia to raise money & support its currency.
Read 5 tweets
Happening now: @US_CYBERCOM @CYBERCOM_DIRNSA and @DeptofDefense Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang testifying before #HASC subcommittee on on Cyber, Innovative Technologies, and Information Systems
"#China is the pacing threat for the department, including in #cyber operations" per @DeptofDefense Deputy Asst Sec Eoyang

"China uses cyber operations to erode US military overmatch and economic vitality, stealing US intellectual property & research"
"#Russia also continues to be a highly-sophisticated & capable adversary, integrating malicious cyber activities, including espionage & influence operations in mutually reinforcing ways" per Eoyang
Read 24 tweets
THREAD How worried should US/EU policymakers be about Russia’s harnessing emerging technologies like AI & machine learning (ML) to support its assertive foreign policy agenda? I dug into these issues for a new paper as part of Carnegie’s project, The Return of Global Russia 1/x
There’s no doubt the Kremlin’s ongoing campaign of mayhem (the war in #Ukraine, interference in the 2016 and 2020 US presidential elections, #SolarWinds, etc) has shown Russia’s operators are highly technically capable, operationally aggressive and innovative. 2/x
Part of what makes the Kremlin’s current calling cards so easy to spot—and more difficult to counter or deter—is a remarkable indifference to the knock-on effects of its behavior. This kind of operational art and bravado can mean more sometimes than pure technical chops. 3/x
Read 14 tweets
HAPPENING NOW: @POTUS talks #Russia after slapping #Moscow with what US officials described as sweeping sanctions for a variety of malign activities Image
"Earlier this week, I spoke w/President Putin of #Russia about the nature of our relationship" per @POTUS "I was candid & respectful. The conversation was candid & respectful - 2 great powers w/significant responsibility..."
"#Russia|ns & Americans are both proud & patriotic people" per @POTUS "And I believe the Russian ppl, like the American ppl, are invested in the peaceful & secure future of our world"
Read 18 tweets
NEW: "We believe we have the means to keep an eye on any terrorist threats or any sign of #alQaida's resurgence w/out having a persistent footprint on the ground" per @PressSec Jen Psaki
"The threat against the homeland now emanating from #Afghanistan can be kept to a level that can be addressed w/out that persistent footprint" per @PressSec, adding US "will retain significant assets in the region"

CT capabilities also being repositioned to counter any threat
Stable & predictable relationship w/#Russia "has to be our objective" per @PressSec "Obviously, this continues to be a difficult relationship. There are adversarial components..."
Read 5 tweets
We are LIVE tweeting the keynote address by @BradSmi. Join us using #Raisina2021 #RaisinaDialogue
.@BradSmi: We often see nation state #cyberattacks that identify and develop new attack vectors, which are then pursued by #cybercriminals often for #ransomware that is putting at risk institutions we all rely on #Raisina2021
.@BradSmi: We also have 21st century digital arms merchants – companies that work contractually for govts. to create the code govts. want to put to work – adding to the risk situation #Raisina2021
Read 10 tweets
We are live tweeting the panel “Recoding Our Future: Looking Beyond the Digital Wars” with @vestager @NandanNilekani @MarietjeSchaake
Moderated by @samirsaran #Raisina2021 #RaisinaDialogue
.@samirsaran: In the absence of regulations and clear-cut rules of the road for #digital technologies, there are anxieties and tensions in need of a resolution. #Raisina2021
.@vestager: The EU's key concerns are 1) Creating a level playing field in the marketplace; 2) Insufficient enforcement of rules, that have for decades applied to the offline world, in the online world; & 3) Dignity of citizens in #democratic societies. #Raisina2021
Read 19 tweets
HAPPENING NOW: Senate Intelligence Committee's Hearing on Worldwide Threats

"We look to our intelligence agencies to provide their best & most objective analytic judgments" per Chairman @MarkWarner "...free of bias, & not “shaded” in any way to fit a particular policy or agenda"
"We're going to need to discuss the situation in #Afghanistan" per @MarkWarner, in introductory remarks...
voanews.com/south-central-…
"It's the one time a year where the American public & the members of Congress here in the Senate get an unvarnished presentation by an apolitical intelligence community of the real national security threats" per Vice Chair @marcorubio
Read 56 tweets
#Russia|n hackers did breach the email of the @DHSgov front office as part of #SolarWinds hack, former acting secretary Chad Wolf tells @Heritage

"They're all unclassified email accounts..." he adds
"The access is what I was most concerned about" former acting @DHSgov secretary Chad Wolf said of "when they told me, 'Hey, look, your account, 1 of your email accounts...could be hacked'"

"If they have the ability to do that, what else do they have the ability to do?"
"Just the fact that they're able to do that was my primary concern" per ex @DHSgov acting secretary Chad Wolf re #Russia-#SolarWinds hack

"The fact that they got my email & knew that I was running late to meetings or had a schedule change, not that big a deal" he tells @Heritage
Read 4 tweets
Pentagon on @POTUS' proposed $715 billion FY 2022 @DeptofDefense budget

It "will ensure the Department’s resources are matched w/our strategy & policy to defend the nation & take care of our people, while revitalizing the key alliances & partnerships" per @SecDef Lloyd Austin
$715 billion budget request prioritizes "the need to counter the pacing threat from #China" per @DeptofDefense, and "...deterring nation-state threats emanating from #Russia, #Iran, & #NorthKorea"
.@DeptofDefense says the $715 billion budget request also addresses "threats to readiness, including hate group activity within the military, and prioritizing strong protections against harassment and discrimination"
Read 15 tweets
Happening now: Senate Armed Services Committee hearing on @USSOCOM & @US_CYBERCOM
"We recognize that our counterterrorism operations, while still critical to protecting Americans fro the likes of #ISIS & #alQaida, must become even more sustainable & focus on the most pressing threats" per @DeptofDefense Acting Asst Sec for Special Ops Chris Maier
"SOF continue to deter & disrupt persistent threats by terrorist & extremist organizations" per @USSOCOM Commander, Gen Richard Clarke

"20 years of this fight has honed out capability & most importantly our resolve" he says, calling SOF approaches "effective and sustainable"
Read 22 tweets
#SolarWindsHack - @FBI focused on more precise attribution

"Understanding who conducted this activity, why & how so that we can create the widest possible range of responses for our policymakers to consider" #Cyber Division's Tonya Ugoretz tells lawmakers
"We find it is most powerful when we are able to say, w/detail & as transparently as possible, how exactly adversaries conducted this activity, & ultimately who was behind it" per @FBI's Ugoretz

"The effort to develop that information, investigatively continues"
"The majority of the activity appears to have been directed at the #UnitedStates" per @FBI's Ugoretz re #SolarWinds hack

"However, we are aware of instances & information shared with us from foreign partners where some of their networks were affected as well"
Read 7 tweets
Happening now: "We are tracking that event very carefully" @SecMayorkas tells House Homeland Security Committee of shootings in & around #Atlanta #Georgia that left 8 ppl dead, 6 of them women of Asian descent Image
#Cybersecurity: "As a 1st step, I have directed grant funding that will provide an additional $25 million for state & local entities across the country to increase their cybersecurity" per @SecMayorkas re: #SolarWinds, @Microsoft Exchange hacks
.@CISAgov "remains laser focused on protecting & providing assistance to federal civilian agencies & working w/the private sector" adds @SecMayorkas
Read 35 tweets
Happening now: Senate Intelligence Committee considers nomination of Amb. William Burns to lead @CIA

"You deserve a well-earned retirement, but your country still needs you" Chairman @MarkWarner tells Burns as hearing gets underway...
"After four years during which the expertise & judgment of America’s civil servants were at times belittled & discounted, the next director must lead & inspire patriotic professionals w/humility and compassion...& dispassionately judge the actions of adversaries" per @MarkWarner
"I'd like to hear how you plan to reinforce the credo, no matter the political pressure, no matter what, that @CIA’s officers will always do the right thing and speak truth to power" per @MarkWarner
Read 53 tweets
Happening now: Senate Intelligence Committee hearing on #SolarWinds hack

"Preliminary indications suggest that the scope & scale of this incident are beyond any that we’ve confronted as a nation, & its implications are significant" warns committee chairman @MarkWarner
"The reality is the hackers responsible have gained access to thousands of companies, and the ability to carry out far more destructive operation if they wanted to" per @MarkWarner

#SolarWinds hack
"While many aspects of this compromise are unique, the #SolarWinds Hack also highlights a number of lingering issues that we have ignored for too long" per @MarkWarner
Read 35 tweets
NEW: @solarwinds CEO Sudhakar Ramakrishna tells @CSIS there is "organizational commitment" to talk about the #SolarWinds hack

"It is our obligation to do so" he says in virtual discussion

Ramakrishna will be testifying before Congress Tuesday
"We can emerge as a stronger company... a stronger software community" per @solarwinds' Ramakrishna
1st priority for @solarwinds after hack was discovered was working w/clients & remediation

Also rapid focus on learning from incident, per CEO Ramakrishna
Read 4 tweets
1⃣♦️JUST IN - Suspected Chinese hackers exploited a flaw in software made by #SolarWinds to help break into US government computers last year, marking a new twist in a sprawling cybersecurity breach that US lawmakers have labeled a national security emergency (Reuters)‼️⬇️
2⃣♦️A former official said depending on the compromised data, "this could be an extremely serious breach".‼️⬇️
Read 4 tweets
Finishing up this session at #enigma2021 is from Trey Herr speaking about "BREAKING TRUST – SHADES OF CRISIS ACROSS AN INSECURE SOFTWARE SUPPLY CHAIN"

[ *cough* #SolarWinds #SolarWindsHack *cough* ]

usenix.org/conference/eni…
The software supply chain is huge and reaches everywhere.

In the US and elsewhere there's a lot of COTS (commercial off the shelf) software being used.

We don't build most of the software that we use, from mobile phones to container architechture.
Our mental models around supply chain (and regulatory architecture) are built around the hardware supply chain
Read 17 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!