SolarWinds hack: what just happened?

Solarigate, Sunbusrt, UNC2452 or whatever they call it, how even fireEye, SolarWinds, Crowdstrike and many other involved are able to sell and survive after this disaster, and how security community is able to trust them again?

it is interesting that how these top security companies with lots of managed service and bunch of products in their portfolio lectured everybody and then for 9+ months they did not figure out that they had been hacked?!

I don’t care if SolarWinds share holders knew so they cashed out their stock a few days prior to breaking the news, as some media are talking about it, but about the hack and its technicality I have opinion: it is not sophisticated, and it is simply a matter of understanding essentials of supply chain security and exposures and executing standard security practices.

of course they say the hack was sophisticated because top security firms don’t want to admit they were naive in Detection & Response. let’s be result oriented.

By Kaveh Mofidi

I find simple solutions for huge and complicated problems. I believe information security and computers in general are fun to deal with, but our problems are way bigger than securing information. The real deal is to find solution for unlimited clean energy, drinkable water, mitigate root cause of hunger, war, and injustice...We need to keep our planet livable, that is our real problem on the Earth! Contact me with any question or comment: kaveh@securetarget.net