"solarwinds123"

[GURPS]

Hacked Texas-based IT infrastructure provider SolarWinds was warned over weak password security last year, after security researcher Vinoth Kumar discovered that the company used "solarwinds123" to protect their update server.

"This could have been done by any attacker, easily," said Kumar, according to Reuters.
On Monday, SolarWinds confirmed that their flagship network management software, Orion, was the target of an international cyberespionage operation which the Washington Post pinned on government-backed Russian hackers - who inserted malicious code into Orion software updates and pushed it out to almost 18,000 customers.

The malicious updates - sent between March and June, when America was hunkering down to weather the first wave of coronavirus infections - was “perfect timing for a perfect storm,” said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird’s cybersecurity preparedness and response team.
Assessing the damage would be difficult, she said.
“We may not know the true impact for many months, if not more – if not ever,” she said. -Reuters

"Solarwinds123": Hacked IT Company Used Weak Password, While Backdoor Access Peddled On Underground Forums

That's the kind of thing an idiot would have on his luggage!

cms.zerohedge.com

Solarwinds was the Application used to back door Multiple Federal Agencies / Leading Businesses and the Military 0

 

[GURPS]

Government Minimizing the Most Prolific Hack of Its Systems in History


Just how bad was the hack of U.S. government agencies that was discovered last week? Some cyber experts say it could be the worst in U.S. history — even more serious than the 1990s “Moonlight Maze” hack that stole documents that, if stacked one atop another, would be three times the size of the Washington Monument.

The damage assessment is in its infancy but given the number of agencies targeted and the length of time the criminals had before they were detected, it must be considerable.
Associated Press:

U.S. government agencies, including the Treasury and Commerce departments, were among dozens of high-value public- and private-sector targets known to have been infiltrated as far back as March through a commercial software update distributed to thousands of companies and government agencies worldwide.
[…]
In this case “several Washington Monument piles of documents that they took from different government agencies is probably a realistic estimate,” [Johns Hopkins cyberconflict expert Thomas] Rid said. “How would they use that? They themselves most likely don’t know yet.”
The Trump administration has not said which agencies were hacked. And so far no private-sector victims have come forward. Traditionally, defense contractors and telecommunications companies have been popular targets with state-backed cyber spies, Rid said.