US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

Re: I can have another 4h in bed if I want

So long as you haven't got SolarWind's Wake On LAN utility on your system.

It may start beeping at you incessantly.

Re: "full rebuild"

You've hit the nail on the head. The scale of this hack cannot be understated and it's going to be practically impossible to confirm you've eliminated all the backdoors into your network they have planted.

From now on you will just have to assume they have access and be constantly trying to find it. Probably not a bad approach to security anyway and a lot like our COVID safety protocols, just assume you have the virus and take precautions.

Re: "full rebuild"

"grateful for being unemployed. First when I wake up at 7:10am and remember I can have another 4h in bed"

Ah, I remember that, the early weeks when rest was a boon! Later you get used to just getting up when you wake up. First I lived alone on an isolated peninsula on the Western Isles, and I'd wake up early to hear the Radio Scotland traffic forecast for the M8 just to remind myself how bad my life there had been - also to hear a human voice.

I guess that's partly why I read here, one downmanship. IT staff today are paid less than I was, and yet they have to deal with so much more stressful crap than I did. In my day if there had been a hack then I knew it had either been someone I knew messing with me, or me when I was drunk.

Re: "full rebuild"

The question is for the avg bod on the street is that now Azure is compromised and “no trace found of customers being hit” do we trust our stuff in Azure. Perhaps not... to be sure you need to rebuild everything, don’t think that’s going to happen

Re: "full rebuild"

Just in case anyone is wondering about ONE of the reasons why FyreEye codenamed the trojan as SUNBURST. This is due to internal malware clues relating to the NATO codename SUNBURN which is the reference to a Moskvet Hypersonic Aircraft Carrier Killer Missile System. Don't know WHY the original programmer put a reference to a Moskvet missile system in his/her code BUT it's there!

Ergo, this was DEFINITELY a Russian GRU special operations directorate job!

Time to hit them BACK HARD! Kinda gonna need the help of the Israelis on this because of there SUPREME expertise in low-level microcode malware!

Time to hit the PIC chips embedded into all the Russian aircraft altimeter and ordnance proximity systems with some randomized loop-around code so the avionics and terrain following software goes all crazy!!!

Can YOU DO IT BABEEEEEEEEEE ????? !!!!!!

V

Re: MRDA/YMMV/SNAFUBAR/Don't Panic ... All Systems are Normal and under our Command and Control ....

Oh God, he’s making sense again. And it’s never good when that happens...

Re: Good to know ...

Next we need some politicians to chime in. The world wants to know how we can protect our children from APT29 (and Huawei!) and, also, that you shouldn't worry because you have nothing to hide. ...... Schultz

Crikey ‽ Doesn't everyone yet know if you have nothing to hide, there is nothing for others to worry about ........ although of course, if one knows a lot more than just a chosen few and a great many is there plenty for them all to be truthfully fearful of and absolutely terrified by?

What's wrong with y'all? What's the excuse? Mentally retarded or simply undereducated, systemically fundamentally ignorant or perpetually persistently lazy? Worlds want to know ..... as do, no doubt, some politicians so they can join in with some populist chimes.

Re: A Much Worser Worst case scenario with RATs sinking Ships

So since March/April high profile companies with large CERT teams nevertheless have been compromised and who knows how many have had this threat actor floating in their network yet not caught until December. ...... gr00001000

And not so much caught as just recognised as having been there busily exfiltrating nuclear information and explosive crown jewels, with exactly to whom and/or what with an interest to do something/anything untoward and/or unexpected with the intel for whom and/or what, always being so wonderfully unclear and securely private ......... and there is absolutely no guarantee that other threat actors in the team are not still in there, beavering away quietly and busily.

Systems may like to think and realise they have only encountered and captured a Remote Access Trojan.

Re: Incredulous statements

Indeed. Lack of evidence is not evidence of lack. Someone needs to go back to school.

Re: i used to enjoy solarwinds Orion when it was a single app ona single server

PRTG +1

Re: That's nothing

What if I'm already a monkey? What does it do to me then?

Re: That's nothing

I dont want the vaccine if its been produced using eggs

Because I dont want chicken DNA ending up in side me and mutating me into a chicken.(being a cockroach is bad enough)

However there would be a silver lining to being a chicken, I could have my head cut off and be a senior member of the government

Re: Orion

Meh - compromised third party software is compromised third party software. There is nothing here which is specifically MS, except that that happens to be what was infiltrated as a result.

There are lessons for all monitoring companies to learn, and SW in particular will need to verify any of their other agents etc that might have been affected.

If other monitoring companies aren't taking the same response as SW then they'll end up in a stronger position as a result.

Re: Ironic

Insert that "always has been" meme here.

Re: Russia is a potent enemy...

Such technology should have freed up the IT bods to make them more effective at out-of-band tasks, ... ...... Anonymous Coward

Errr ? Hello ‽ ....... Message to AC ....... Does that which is being commented on here not APTly demonstrate that at least some are already freed up IT bods making most effective use of almighty skills in out-of-band tasks ?

That would make potent enemy Russia much better as a best friend showing really great potential if Russians mothers are responsible and liable/fully accountable. Have they denied having any part in the recent shenanigans and current stealthy show of Combinations of AWEsome Strength and Virtual Cunning.

Their GDP is irrelevant

Hacking is asymmetric warfare, it requires orders of magnitudes more resources to protect against threats than it does to develop them. It is also self-funding, you can use "last year's" exploits that are no longer good enough to break into top tier targets in combination with ransomware on run of the mill corporate/state/local targets to fully fund your operation.