A ZDNet op-ed throws its hands up and declares the SolarWinds software supply chain cyberespionage campaign to be worse than imagined. Assessing just how bad it is would require more understanding of the incident and its effects than is now (publicly at least) available, but consensus remains that it’s pretty bad. IronNet offers a set of expert takes on why this form of cyberespionage—more than an ordinary data breach—has the potential to serve as preparation for more serious attacks later.
Qualys offers a look at the backdoor installed in the Solorigate cyberespionage operation. They draw particular attention to the malware’s evasiveness and use of domain generation algorithms.
SolarWinds shareholders have filed a class-action suit against the company, whose Orion software has been at the center of the eponymous cyberespionage incident. The plaintiffs allege, Fox Business reports, that the company "misrepresented and failed to disclose" information about the incident, and that this amounted to failing its "duty to disseminate accurate and truthful information."
Chinese threat actors may be involved in an APT side hustle. Researchers at Profero and Security Joes say they’ve found Emissary Panda, the Chinese state-run threat group also known as APT27, conducting ransomware attacks. Most ransomware strains have by now evolved information-stealing capabilities, so the ongoing campaigns may represent a two-fer: self-funding intelligence collection.
The New York Stock Exchange's on-again, off-again delisting of three major Chinese telecommunications companies in response to US sanctions has roiled the market for China Mobile, China Telecom, and China Unicom shares.