"You and your company were supposed to be preventing the Russians from reading Defense Department emails." "I've got a stronger password than 'solarwinds123' to stop my kids from watching too much YouTube on their iPad," Representative Katie Porter of California said. To date, at least nine government agencies and 100 private sector companies have been breached in what's being described as one of the most sophisticated and well-planned operations that involved injecting the malicious implant into the Orion Software Platform with the goal of compromising its customers. While a preliminary investigation into the attack revealed that the operators behind the espionage campaign managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the Sunburst backdoor, Crowdstrike's incident response efforts pointed to a revised timeline that established the first breach of SolarWinds network on September 4, 2019. The said password " solarwinds123" was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the misconfiguration was addressed on November 22, 2019.īut in a hearing before the House Committees on Oversight and Reform and Homeland Security on SolarWinds on Friday, CEO Sudhakar Ramakrishna testified that the password had been in use as early as 2017. As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |