The US Government and a large number of private organizations continue to assess the extent of the SolarWinds incident. The scope and extent of the damage are known to be large, but just how large, and who specifically was affected, remains under investigation. An op-ed by former US Homeland Security Advisor Bossert probably has it right in saying that the breach is “hard to overestimate.”
A joint statement yesterday from the US FBI, CISA, and ODNI says that the Government has invoked Presidential Policy Directive (PPD) 41 to establish a Cyber Unified Coordination Group to coordinate a whole-of-Government response to the Russian cyber operation that exploited SolarWinds’ Orion platform.
According to KrebsOnSecurity, FireEye, Microsoft, and GoDaddy cooperated on a response to the SolarWinds compromise by establishing a killswitch to disable Sunburst backdoor instances still beaconing to their original domain. As FireEye said in a widely quoted statement, “this actor moved quickly to establish additional persistent mechanisms to access to [sic] victim networks beyond the SUNBURST backdoor,” so the killswitch is far from representing a thorough remediation. BleepingComputer has a summary of what’s publicly available so far.
Bloomberg reports that the US Director of National Intelligence said yesterday that the Intelligence Community will not meet tomorrow’s deadline to report to Congress about Chinese influence operations in the 2020 election season. That there were attempts seems clear enough, but how extensive they were, and how much prominence they should be given, remains a matter of disagreement among the agencies in the Intelligence Community.