Hack Update - Solarwinds Orion Compromised

6,359 Views | 51 Replies | Last: 2 yr ago by mickeyrig06sq3
aggielostinETX
kb2001 said:

MGS said:

kb2001 said:

Is there any truth to the rumor that Solarwinds offices in Austin were raided yesterday by the FBI? I can't seem to find anything about it
https://texags.com/forums/16/topics/3166010

I've followed that thread. At this point I haven't found any source other than that one, and that one hasn't confirmed it either.

They are there but they were asked to be there.
“A republic, if you can keep it”

AggieKatie2 said:
ETX is honestly starting to scare me a bit as someone who may be trigger happy.
heddleston
So when it says they compromised Office 365, does that mean they used Orion to compromise the individual 365 servers for that organization or did they find a way to get into Microsoft and then back door their way into any 365 they wanted?
aggielostinETX
Let me read some more
Ulysses90
This is a really good and really detailed description of both the FireEye hack and (because it was the vector for the FireEye hack) the Solarwinds hack. It starts at 1:38:20.

https://twit.tv/shows/security-now/episodes/797
flakrat
When you can't even trust your monitoring solution company...
aggielostinETX
MS compromised
BQ2001
Deats said:

MS compromised
Very curious to see what ends up happening here.
aggielostinETX
Me too
goodAg80
There seems to be an information blackout. It's real hard to tell what is happening.
mickeyrig06sq3
From what I've been reading, the MS 365 compromises have been related to customers that were being actively engaged by the hackers. It wasn't that Microsoft was compromised and it allowed the hackers carte blanche into all of Office365's customers.

Quote:

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."
https://www.zdnet.com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/
aggielostinETX
mickeyrig06sq3 said:

From what I've been reading, the MS 365 compromises have been related to customers that were being actively engaged by the hackers. It wasn't that Microsoft was compromised and it allowed the hackers carte blanche into all of Office365's customers.

Quote:

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."
https://www.zdnet.com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/

MS is being real quiet about the extent of their exposure.
mickeyrig06sq3
Deats said:

MS is being real quiet about the extent of their exposure.

I can't fault anyone for being tight-lipped about how compromised they were. If you figure out you were exposed, you have to audit your entire environment, and you will still probably miss something. Plus there is the current fear that the group has left some things behind that will activate many months down the road.
aggielostinETX
Just start all over ¯\_(ツ)_/¯
Definitely Not A Cop
So should I just go ahead and change all my passwords for everything? Not that experienced with all the cyber security stuff.
aggielostinETX
Not unless you want to
Stat Monitor Repairman
What was the end result of this hack?

We're a year later.

What's the damage?

Where are we at with this?
mickeyrig06sq3
Stat Monitor Repairman said:

What was the end result of this hack?

We're a year later.

What's the damage?

Where are we at with this?
No real end result per se. The problem with the hack was that the timeline from creation to detection was almost a year (March 2020 to December 2020). It only established a backdoor into the companies and government agencies. From there the hackers used it to move laterally and deploy additional software or scripts to further compromise systems.

Solarwinds fixed their vulnerability, but the compromised companies each had their own internal evaluations to do in order to determine exposure. Some weren't vulnerable (or were vulnerable, but security policies prevented it from calling home); some were vulnerable and compromised but decided to just rely on internal scans and monitoring to catch any footholds that were established. The final category was going scorched earth and basically assuming everything was compromised, and building infrastructure from scratch.

This is a good write up, and any search of "sunburst solarwinds" will get you more results.
https://resources.infosecinstitute.com/topic/sunburst-backdoor-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/