{"id":4670,"date":"2020-12-29T15:56:47","date_gmt":"2020-12-29T13:56:47","guid":{"rendered":"https:\/\/www.laurentmarot.fr\/wordpress\/?p=4670"},"modified":"2021-02-01T11:25:16","modified_gmt":"2021-02-01T09:25:16","slug":"solar-winds","status":"publish","type":"post","link":"https:\/\/www.laurentmarot.fr\/wordpress\/?p=4670","title":{"rendered":"Solarwinds (solorigate, sunburst)"},"content":{"rendered":"
\"SolarWinds<\/a>

SolarWinds – Photographer: TRIPPLAAR KRISTOFFER\/SIPA\/AP<\/p><\/div>\n

\u00a0Le sujet :<\/strong><\/p>\n

Voir page Wikipedia FR<\/a> ou mieux Wikipedia EN<\/a><\/p>\n

Raccourci :<\/strong><\/p>\n

Un vulgarisation du sujet gr\u00e2ce \u00e0 une vid\u00e9o de 5mn<\/a> de Romain du Marais<\/p>\n

Les faits :<\/strong> \u00ab\u00a0In an operation that cybersecurity experts have described as exceedingly sophisticated and hard to detect, the hackers installed malicious code in updates to SolarWinds\u2019s widely used Orion software, which was sent to as many as 18,000 customers.<\/em><\/p>\n

The malicious code provided the hackers access to the customers\u2019 computer networks and, as clients around the world continue to comb their systems for signs of the Russian hackers, the list of victims is expected to grow.\u00a0\u00bb<\/em><\/p>\n

 <\/p>\n

Chronologie :<\/strong><\/p>\n

Octobre 2019 : premiers essais \u00e0 blanc de la m\u00e9thode de distribution du malware<\/p>\n

Mars 2020 : distribution de la backdoor<\/p>\n

8 d\u00e9cembre 2020 : FireEye, par le biais d’un article de blog de son CEO<\/a> Kevin Mandia communique sur le hack dont elle vient d’\u00eatre victime avec pour cons\u00e9quence le vol d’une partie des outils utilis\u00e9s par ses Red Teams.<\/p>\n

Reuters et les agences de presse g\u00e9n\u00e9ralistes relaient l’information : U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools<\/a><\/p>\n

13 d\u00e9cembre 2020 : communication coordonn\u00e9e<\/a> de FireEye, solarwinds, Microsoft et du gouvernement am\u00e9ricain.<\/p>\n

 <\/p>\n

Premiers d\u00e9tails:<\/strong><\/p>\n

NextImpact – 23 d\u00e9cembre 2020
\nPiratage de SolarWinds : un ancien salari\u00e9 avait alert\u00e9, en vain<\/a>
\nD’apr\u00e8s le tr\u00e8s bon article original de Bloomberg du SolarWinds Adviser Warned of Lax Security Years Before Hack<\/a> by Ryan Gallagher<\/a><\/p>\n

 <\/p>\n

Communication de crise :<\/strong> SolarWinds spokesperson said in a statement, \u201cOur top priority is our work with our customers, our industry partners and government agencies to determine whether a foreign government orchestrated this attack, best understand its full scope, and to help address any customer needs that develop. We are doing this work as quickly and transparently as possible. There will be plenty of time to look back and we plan to do that in a similarly transparent way.\u201d<\/p>\n

In addition, the company said it is collaborating with law enforcement and \u201cwill continue gathering all relevant information to ensure an incident like this does not happen again.<\/p>\n

 <\/p>\n

Les acteurs :<\/strong><\/p>\n

Kevin Thompson, solarwinds\u2019s chief executive officer, former securty adviser at solarwid<\/p>\n

Ian Thornton-Trump, chief information security officer at threat intelligence firm Cyjax Ltd<\/a><\/p>\n

Tim Brown former chief technology officer at Dell Security, current vice president of security architecture<\/p>\n

Vinoth Kumar<\/a> Cybersecurity expert who discovered FTP server credential<\/a> on gitHub<\/p>\n

Former internal langue de pute, ex solarwind : A former SolarWinds employee, who worked as a software engineer at one of the company\u2019s U.S. offices, said SolarWinds appeared to prioritize the development of new software products over internal cybersecurity defenses<\/strong>.<\/p>\n

Jake Williams, aka monsieur-je-sais-tout, a former hacker for the U.S. National Security Agency who is now president of cybersecurity firm Rendition Infosec<\/a>, said technology companies such as SolarWinds that build and produce computer code often \u201cdon\u2019t do security well<\/strong>.\u201d<\/p>\n

 <\/p>\n

Les victimes :<\/strong>
\nAt Least 200 Victims Identified<\/a> in Suspected Russian Hacking, dont :<\/p>\n