The hacking group behind the SolarWinds supply chain attack is focusing its attacks on a wide range of targets worldwide, including "government, consulting, technology, telecom and extractive entities in North America, Europe, Asia, and the Middle East." Nation-state hackers who coordinated these attacks have most likely been active in compromised networks since then, given that the first hacked targets were discovered in December.
SolarWinds security software
This ongoing campaign started as early as spring 2020 (beginning in March 2020, when the first malicious SolarWinds Orion versions were introduced via the compromise of the Orion software build system), and its goals include but are probably not limited to data theft.

SolarWinds 8K SEC filing

Attacks target governments and private organizations
SolarWinds also is investigating in collaboration with Microsoft as to whether any customer, personnel or other data was exfiltrated as a result of this compromise but has uncovered no evidence at this time of any such exfiltration. SolarWinds, in collaboration with Microsoft, has taken remediation steps to address the compromise and is investigating whether further remediation steps are required, over what period of time this compromise existed and whether this compromise is associated with the attack on its Orion software build system.

SolarWinds was made aware of an attack vector that was used to compromise the Company's emails and may have provided access to other data contained in the Company's office productivity tools. SolarWinds uses Microsoft Office 365 for its email and office productivity tools. SolarWinds is also working with Microsoft to remove an attack vector leading to the compromise of targets' Microsoft Office 365 office productivity tools.

Securities and Exchange Commission, SolarWinds also said that it "believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000."

"As such, we are limited as to what we can share at this time." "We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters."
SolarWinds security manual
"We believe that this vulnerability is the result of a highly-sophisticated, targeted, and manual supply chain attack by a nation-state." "We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products," Kevin Thompson, SolarWinds President and CEO, told BleepingComputer.
SolarWinds security update
SolarWinds' customer listing (with over 300,000 customers worldwide) includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.

DHS-CISA has also issued an alert over the weekend warning of active exploitation of trojanized SolarWinds Orion Platform software versions, which the attackers use to deploy a backdoor on unpatched servers via the update mechanism.

DHS-CISA also issued Emergency Directive 21-01, which orders all federal civilian agencies to "immediately disconnect or power down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, from their network." The agencies are also prohibited from "(re)joining the Windows host OS to the enterprise domain."

Roughly 18,000 customers downloaded trojanized SolarWinds Orion versions

The list of victims of this large-scale attack, coordinated by what Microsoft and FireEye consider to be nation-state hackers, includes several federal agencies such as the US Treasury and the US National Telecommunications and Information Administration (NTIA), as first reported by Reuters. Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate.