Russia is Suspected of Cyberattacks Against Federal Agencies, Corporations | Zerlina. | The Choice
https://www.youtube.com/watch?v=LIg8Q6PdgXk
Russia is suspected in a major cyber attack targeting federal agencies and corporations. NBC News terrorism analyst Malcolm Nance joins Zerlina Maxwell to break down the significance of the attack and what safeguards need to be put in place.
Microsoft "sinkholes" the domain that all of the infected computers were checking into. Sinkholing refers to a Command & Control server. Any infected computers that checked into the infected Command & Control computer for instructions were instantly identified and routed to a safe server location. These same computers could then be automatically quarantined.
The seized domain has been turned into a killswitch to prevent the SolarWinds hackers from escalating infections and making new victims.
The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app.
Sources familiar with today's actions described the takedown as "protective work" done to prevent the threat actor behind the SolarWinds hack from delivering new orders to infected computers.
Currently, the avsvmcloud[.]com domain redirects to an IP address owned by Microsoft, with Microsoft and its partners receiving beacons from all the systems where the trojanized SolarWinds app has been installed. This technique, known as sinkholing, is allowing Microsoft and its partners to build a list of all infected victims, which the organizations plan to use to notify all affected companies and government agencies.
"This is not the first time a domain associated with malware has been seized by international law enforcement and even by a provider," ExtraHop CTO Jesse Rothstein told ZDNet in an email, referring to Microsoft's previous takedown and sinkholing efforts against the Necurs and TrickBot botnets.
Current takedown and sinkholing efforts also include representatives for the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, looking to find other US government agencies that might have been compromised.
Due to SolarWinds' extensive US government clientele, government officials are treating the SolarWinds compromise as a national security emergency. A day before the SolarWinds breach became public, the White House held a rare meeting of the US National Security Council to discuss the hack and its repercussions.
"As part of our commitment to our customers and community, FireEye continues to take action to protect organizations from the SolarWinds supply chain attack. We disclosed the supply chain attack shortly after we discovered it, and we provided information on related malicious activity and coordinated with partners to disable some malware related to this activity.
"SUNBURST is the malware that was distributed through SolarWinds software. As part of FireEye's analysis of SUNBURST, we identified a killswitch that would prevent SUNBURST from continuing to operate.
"Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution. FireEye collaborated with GoDaddy and Microsoft to deactivate SUNBURST infections.
"This killswitch will affect new and previous SUNBURST infections by disabling SUNBURST deployments that are still beaconing to avsvmcloud[.]com. However, in the intrusions FireEye has seen, this actor moved quickly to establish additional persistent mechanisms to access victim networks beyond the SUNBURST backdoor. This killswitch will not remove the actor from victim networks where they have established other backdoors. However, it will make it more difficult for the actor to leverage the previously distributed versions of SUNBURST."
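The article's point that every system beaconing to avsvmcloud[.]com can be listed, seen from the defender's own side of the network, as an added example that is not part of the original post or the quoted articles: a scan of resolver logs for internal hosts that queried the domain. The log format and all sample lines are constructed assumptions.

```python
"""Find internal hosts whose DNS queries hit the SUNBURST C2 domain."""

# Domain named in the article (written defanged there as avsvmcloud[.]com).
C2_DOMAIN = "avsvmcloud.com"

# Constructed resolver log: "timestamp client_ip query_name type".
# The format and every value are invented for this example.
SAMPLE_LOG = """\
2020-12-14T09:01:12Z 10.0.4.17 abc123.avsvmcloud.com. A
2020-12-14T09:03:40Z 10.0.4.22 www.example.com A
2020-12-14T09:15:02Z 10.0.4.17 DEF456.AVSVMCLOUD.COM A
2020-12-14T09:20:31Z 10.0.7.5 notavsvmcloud.com A
2020-12-14T09:22:10Z 10.0.7.9 avsvmcloud.com.example.net A
2020-12-14T10:02:55Z 10.0.9.3 avsvmcloud.com A
malformed line
"""


def normalize(qname):
    """Refang '[.]', lower-case, and drop the trailing root dot."""
    return qname.replace("[.]", ".").lower().rstrip(".")


def is_c2_query(qname, domain=C2_DOMAIN):
    """Match the domain or any subdomain, but not lookalike names."""
    name = normalize(qname)
    return name == domain or name.endswith("." + domain)


def beaconing_hosts(log_text, domain=C2_DOMAIN):
    """Return {client_ip: (first_seen, last_seen, query_count)}."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        ts, client, qname = parts[:3]
        if not is_c2_query(qname, domain):
            continue
        first, last, count = hits.get(client, (ts, ts, 0))
        # ISO 8601 UTC timestamps of equal format sort as plain strings.
        hits[client] = (min(first, ts), max(last, ts), count + 1)
    return hits


if __name__ == "__main__":
    for ip, (first, last, n) in sorted(beaconing_hosts(SAMPLE_LOG).items()):
        print(f"{ip}  queries={n}  first={first}  last={last}")
```

A host listed here still needs investigation after the sinkhole, since the FireEye statement quoted above says the killswitch does not remove other backdoors.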
Trump claims China 'may' have been behind cyber attack after Pompeo says it was ‘pretty clearly’ Russia
President Trump on Saturday claimed China "may" have been behind a massive cyberattack on U.S. government systems -- a day after Secretary of State Mike Pompeo said the attack was "pretty clearly" perpetrated by Russians.
Trump downplayed the attack, dubbed by one U.S. official as "the worst hacking case in the history of America," as "far greater in the Fake News Media than in actuality."
White House officials had drafted a statement assigning blame to Russia for the attack and were preparing to release it Friday afternoon but were told to stand down, according to people familiar with the plans. Officials initially weren't told why the statement was pulled back.
Trump also baselessly claimed in the tweets that the attack could have impacted US voting machines. A group of national, state and private election officials said in a joint statement last month that there is no evidence of any voting system being compromised in the 2020 election.
As the scope of the espionage campaign and its sophistication became clearer over the past two weeks, US officials had begun to believe that a Russia-linked entity or Russian individuals are responsible for the attacks. Pompeo's comments go further than any Trump administration official yet in pinning the blame on Russia, as further evidence shows the hacking operation bears all the hallmarks of a Russian-backed actor.
... although Trump's attempt to misdirect will likely fall on deaf ears within the US intelligence community, the possibility that China executed the attack and tried to cover its tracks by making it look like Russia has to be fully vetted by cyber forensic experts before the USA retaliates under President-elect Biden.
Trump contradicts Pompeo, plays down alleged Russian role in cyberattack
... which brings back "all roads lead to Putin". What does Putin have on Trump that Trump will confuse and redirect on his most sacred of Presidential duties, defending America?
Romney: Trump has a 'blind spot' when it comes to Russia
By Devan Cole, CNN
Updated 11:33 AM EST, Sun December 20, 2020
Washington (CNN) Republican Sen. Mitt Romney said Sunday that President Donald Trump has a "blind spot" when it comes to dealing with Russia after the President downplayed a massive cyberattack on US federal agencies linked to the country, warning that the aggression "is a big wake-up call for us."
"The President has a blind spot when it comes to Russia, and so you can expect that that's the response that he would have," Romney told CNN's Jake Tapper on "State of the Union" when asked about a tweet from Trump undercutting his secretary of state's assessment of the massive hack.
"This is a big wake-up call for us and I think we're going to have to really rethink our military and national security readiness so when it comes to cyberspace, because this is the warfare of the future and I hope that we get ourselves up to the capacity you would expect the strongest, greatest nation on Earth to have," the Utah Republican added.
At least half a dozen federal agencies are now known to have been targeted in the breach, including the Department of Homeland Security's cyber arm and the Departments of Agriculture, Commerce, Energy and State. Investigators are still trying to determine what, if any, government data may have been accessed or stolen in the hack.
Given the cyber attack on America I wonder if President Elect Biden will still make LGBT issues his top priority?
President-elect Biden has assembled a very talented team of science and fact based advisors who can walk and chew gum at the same time.
President Biden will listen to the advice of the US intelligence community, the DND, NATO and Cyber Command before making any moves.
The damage is done. A response does not have to happen right away. It will be at a time and place the US chooses to have maximum effect.
Nevertheless, this is one of many very thorny problems created under Trump's and the Republicans' watch that Biden has to clean up while advancing his own agenda to help all US citizens emerge from the COVID-19 pandemic and an economic tailspin.
LGBTQ rights have nothing to do with the cyber attack on the USA.
Are these the same advisers that told Obama to send billions in cash to Iran in the middle of the night? I bet if I asked you to name the advisers that you couldn't name one of 'em and would have to google them.
EDIT: It's interesting that you've been screaming at the top of your lungs for Trump to do something and in the next breath say that there's no hurry for Biden to do anything. LMAO.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.
... in cyberwar, you will not read about any response in any media source until much later after the retaliatory strike occurs. No bombs will drop, no shots will be fired, no lives will be lost.
... No Commander in Chief will telegraph to his opponent when the strike will occur.
... there are elements of this, the greatest cyber attack on the USA ever, that could be designed to distract President Biden from his agenda. President Biden has 4+ decades of Senate and VP experience in how to handle foreign affairs and has already guaranteed a proportional, retaliatory strike will occur.
... those who chose to dwell on the past are distracted from focussing on the future.