The SolarWinds incident is breathtaking in its scope, but it was also such a huge and delicate house of cards. It will take a long time to clear every organization, but really, one flagged bad device login brought so much infrastructure crashing down.
This really lends credence to the “adversaries only have to succeed once and defenders have to succeed all the time” mantra being bunk. One defender was successful once at a point in basic defense, and a bite got taken out of a very costly intrusion into multiple organizations.
Replying to @hacks4pancakes
I don’t know how much the adversary spent on this operation, but I would speculate that they have already recouped that value in intelligence. Plus now there is the cost to businesses who have to respond/remediate. Vastly successful op from the adversary perspective.

Jan 19, 2021 · 6:12 PM UTC

Maybe there’s also the many indirect costs: knowing various vendors have pieces of the puzzle and will slowly release them over many months is the long tail of impact, causing their peers in the industry to lose productivity unpredictably without changing the landscape much.
That goes both ways, you know. They burned a ton of TTPs.