Hackers believed to be operating on behalf of the Russian government gained access to software provider SolarWinds and deployed an update containing a trojan that created a backdoor in its “Orion” remote monitoring platform. The backdoor has been used to attack the networks of multiple US companies and government networks, including the US Treasury, and in last week's breach of the cyber security firm FireEye, which led to the theft of its penetration testing tools.
It is believed that the attack may have occurred in spring 2020. In a statement, SolarWinds confirmed that they were “aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020.”
“This vulnerability is the result of a highly sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”
SolarWinds also said that it plans to release a new update on Tuesday, 15th December that “replaces the compromised component and provides several additional security enhancements.”
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency (CISA), which has released an emergency directive urging federal agencies to review their networks and power down SolarWinds Orion products immediately.