The SolarWinds update.
Several government agencies are clarifying that SolarWinds wasn’t used on networks carrying classified data, only on unclassified ones. The Energy Department specifically clarifies that only the “business networks” were impacted, and “not impacted the mission essential national security functions of the Department, including National Nuclear Security administration.”
VMWare has confirmed it had its systems breached by the attacks, but also has disputed any of it’s products were used as additional attack vectors. Researchers have also shared a list of organizations where threat actors have deployed the Sunburst/Solarigate malware, which includes Intel, Nvidia, Cisco, and Belkin.
Why do we care?
Experts are clarifying the difference between espionage and act of war. That jumped out at me.
I’m not going to keep dwelling on the why – it’s still the same. Check out my longer form video if you missed it, with link in the show notes.