Special Report: Day Eight of the SolarWinds Crisis
Trump contradicts Pompeo on Russian attribution, Biden aide expects Russia will be punished, Mandia narrows attack's most severe impacts to 50 organizations, second group also targeted SolarWinds, more
The massive supply chain hack of top software vendor SolarWinds grabbed the spotlight on the Sunday news shows. Cybersecurity researchers continued to provide more useful details on the unprecedented espionage campaign the hack facilitated.
First, on Saturday, shortly after Secretary of State Mike Pompeo became the first Trump administration official to call out Russia as the source of the campaign, Donald Trump contradicted his always-unwavering supporter in a tweet that said the media exaggerated the damage, blamed other possible foes including China, and falsely conflated a voting machine conspiracy theory with the SolarWinds hack.
Meanwhile, President-Elect Joe Biden expects to punish Russia for its hypercharged espionage, according to Biden Chief of Staff Ron Klain. “It’s not just sanctions. It’s also steps and things we could do to degrade the capacity of foreign actors to repeat this sort of attack or, worse still, engage in even more dangerous attacks,” Klain said.
Kevin Mandia, CEO of FireEye, the cybersecurity firm that was the first publicly identified target of the SolarWinds group, appeared on CBS News to explain the hack. In the process, he described the attack as a funnel: although it affected 18,000 organizations, its most severe impact ultimately fell on 50 of them.
A report from Reuters’ Chris Bing, who broke the SolarWinds story (and who is now apparently asleep), says a second hacking group called SUPERNOVA also targeted SolarWinds’ products, according to sources. The second group’s malware imitates SolarWinds’ software, much like the first-known attack, but is not digitally signed, indicating that this group of attackers didn’t have access to SolarWinds’ internal systems.
Bing also delivered the news that Congress is worried that a Pentagon plan to split the National Security Agency from U.S. Cyber Command could hamper the United States’ ability to respond to the attack.
An ongoing debate continued during the weekend over whether the SolarWinds hack is an attack or an act of war. Most cybersecurity experts say it’s espionage at a turbocharged level, but not an attack, and certainly not war.
And on the lighter side of a terrible situation, BugCrowd’s Casey Ellis basically said that the SolarWinds breach is the same as it ever was.