I spent a year digging into the SolarWinds hack - talking with SolarWinds/Mandiant/Microsoft and others -- to bring you this detailed story of how the hackers pulled off the boldest, most sophisticated supply-chain hack in history ... and how they got caught. https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
@kimzetter I just finished @agreenberg's Sandworm recently. Any thoughts to expanding this into a whole book as well?
@kimzetter this report looks AWESOME. I’m reading it now. Quick correction: “Mandia, a 52-year-old former Air Force intelligence officer.” Kevin was never an intelligence officer. He was an Air Force Office of Special Investigations Agent. His AFSC was 71S. Air Force intelligence officers (like me) were AFSC 14N. https://www.osi.af.mil/OSI-Careers/Officers/
@taosecurity Hmm. This went through fact checkers and I recall they changed something about that description but I don't recall offhand what it was. I'll have to go back and look at it. Thanks for highlighting it.
@kimzetter no worries. I see it all the time but I know you’re responsive, so I figured I’d say something. 🙏 Great story all around. 👏
@taosecurity Thank you. I hope people will find it useful.
@kimzetter Pssst! The SolarWinds' FTP server password is "solarwinds123", but don't tell anyone.
@kimzetter What a great story! Thank you.
@kimzetter It's a good read, Kim. I will probably assign it in some of my classes in security.
@kimzetter thank you for the excellent journalism 🙏
@kimzetter I hope you sell the movie rights, this is a gripping story
@kimzetter Suspenseful and scary...an excellent read...thank you for writing it!
@kimzetter wow! I sense a book on this one. Lots of tech companies and podcasts covered SolarWinds during 2019-20 and then it went dark. A lot of security now covered a lot of this article at that time, but the timeline and article were quite interesting! I suspect a book on this one, just like Stuxnet. Great article here!
@jrimer2023 Thank you, Jared
@kimzetter You're welcome, Kim. I read your one book; it's a book resource at emailhostsecurity.com under the resources page. Stuxnet was a very interesting book!
@kimzetter You might want to check jaredtech.help and see if I put a review of it up. If not, I should do that.
@kimzetter fantastic write up, thank you for your time and effort in producing it (and the fact checkers, etcetera who contributed)
@kimzetter Good job, read the whole thing last night and it was very well written.
@kimzetter Wow, fascinating subject and really well written
@kimzetter What a great piece! Makes for excellent reading... and I'm astonished by the sophistication of the attack.
@sietse Thank you, Jens. Yes, and I was only able to convey a small part of the sophistication due to space and storytelling constraints.
@kimzetter this is fantastic! Thank you. I’d like to comment on the part where it says “many federal agencies … were lax about logging…”. I’d say that at least some of said federal agencies are not funded or staffed to do it despite pleas from the technical IT staff to be able to do it.
@snick8484 Thanks for that context