ICYMI: Microsoft, CrowdStrike, SolarWinds... Oh my!
Microsoft reports a new wave of attacks by the Russia-affiliated Nobelium gang now linked to the SolarWinds hack. This round was launched by "gaining access to the Constant Contact account of USAID," the US Agency for International Development. Using this access, the attack involved phishing emails with a link that leads to insertion of a malicious file and a backdoor that can be used for data theft.
One of the most interesting comments I’ve found regarding the SolarWinds hack comes from Mike Wiacek, the CEO and founder of cybersecurity startup Stairwell and also the founder of Google’s Threat Analysis Group:
"A sophisticated adversary developed new techniques to compromise FireEye only to steal code that mimicked known attackers. Nothing there makes sense," he said. "It’s like Jeff Bezos or Elon Musk robbing a bank at gunpoint—it’s almost comical to imagine it happening. This is pure opinion/speculation on my part, but it seems like a waste of capability to develop novel techniques and steal tools that imitate known attackers. Part of [me] wonders if they went for something else, but it’s impossible to say and odds are, FireEye doesn’t even know yet. Similar to a museum heist—where someone breaks in to steal the Mona Lisa but they maybe grab something from the gift shop on the way out—the first thing you’ll notice missing is from the gift shop, right when you walk in."
Although it’s speculation, the paragraph above is eye-opening. What might be the “something else” this group was after? It does appear that during the hack, they attempted to get something from CrowdStrike.
During the course of investigating the SolarWinds breach, CrowdStrike says Microsoft uncovered an attempt by unidentified hackers to read emails linked with the company.
Why would somebody want access to CrowdStrike’s emails? Something is happening here that we don’t yet know the full scope of. One thing we know for sure is that this DID impact the election through the Dominion Voting Systems machines.
Let's not forget the fact that CrowdStrike provided Endpoint Detection Services for Lancaster County, Nebraska. Read the Memorandum of Agreement between the Center for Internet Security and Lancaster County, Nebraska for Endpoint Detection & Response (EDR) Services.
Perhaps it’s just me, but if a bad actor, like the ones Bob Evnen has referred to publicly, wanted to hack our entire election system, gaining access to it through a few entities like CrowdStrike may be the perfect way to do it. Despite a laundry list of conflicts of interest on behalf of our state, and nation, we are being told, repeatedly, to simply ignore those conflicts and “trust” that nothing nefarious occurred in the 2020 election – when CrowdStrike themselves had direct access to voting machines throughout the country – including Nebraska.