Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
What I want to know is *how* did the trojan MSP update get on the SolarWinds server in the first place? Am I missing where they tell that part of the story? Or do they not know?

At one security conference, I heard a nerd claim that Linux systems were trivial to hack. All you need is a weakness in their package/dependency management tool (e.g. Yum). Yikes!

Philosophically, we're closer and closer to the concept that data is code and code is data ... which for the psychology-obsessed, sounds a lot like pure behaviorism and some kind of holographic principle. (And note the paragraph on steganography in that article!)

--
↙↙↙ uǝlƃ
