Dive Brief:
- Federal authorities are investigating a cyber breach by a suspected nation-state that targeted government agencies and is linked to a potential vulnerability introduced through an update to SolarWinds Orion monitoring software in the spring of 2020. Reuters is attributing the attack to Russia, which has denied the allegations.
- The Cybersecurity and Infrastructure Security Agency issued an emergency directive Sunday calling on all federal civilian agencies to review their networks for evidence of compromise and to disconnect or power off SolarWinds Orion products immediately. The directive comes after the Department of Commerce confirmed a breach hit one of its bureaus and asked the FBI and CISA to investigate. The Department of Treasury was also breached, according to Reuters reports; however, a spokesperson for the agency did not immediately respond to a query.
- SolarWinds confirmed it is aware of a potential vulnerability that may be related to updates to its Orion monitoring products released between March and June. The vulnerability is believed to be the result of a "highly sophisticated, targeted and manual supply chain attack by a nation state," the company said.
Dive Insight:
SolarWinds, a network performance and systems monitoring software provider, has more than 300,000 customers worldwide, including more than 425 of the U.S. Fortune 500 companies, according to the company. It is not immediately known how many customers rely on SolarWinds Orion.
SolarWinds is working with FireEye, the FBI, the intelligence community and other law enforcement agencies to investigate the attacks. The company said it is limited in what it can share at this time.
FireEye said Sunday it was aware of a global intrusion campaign that trojanized SolarWinds Orion business software updates to distribute malware the company calls SUNBURST. The campaign has impacted public and private institutions around the world, and the attackers have used multiple techniques to evade detection.
"The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors," FireEye CEO Kevin Mandia wrote in a separate blog post released Sunday.
FireEye released signatures on GitHub that can be used to detect the supply chain attack in the wild.
"We have been working closely with our agency partners regarding recently discovered activity on government networks," a CISA spokesperson said in a statement. "CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises."
The FBI confirmed that it was aware of the alleged hacking, and said it was "appropriately engaged" but declined to comment further.