- Posted: Tuesday December 15 2020 09:35
CISA, the Cybersecurity & Infrastructure Security Agency, has issued a warning regarding “the active exploitation of the software versions of the SolarWinds Orion 2019.4 HF 5 to 2020.2.1 HF 1 platform, released between March 2020 and June 2020”.
The incident is unusual in that it is an attack on trusted enterprise software: the attackers modified the software so that it distributed malware under the guise of a standard software update.
SolarWinds has confirmed the issue, stating that it “has just been informed that our systems have suffered a highly sophisticated manual supply chain attack on SolarWinds Orion platform software releases for 2019.4 HF 5 and 2020.2 without patch nor 2020.2 HF 1.”
It appears the attack was led by an outside nation-state and was intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a large, system-wide attack, according to SolarWinds.
FireEye, the company that discovered the problem, says the actors behind this attack have used it to gain access to many public and private organizations around the world, in a campaign that dates from spring 2020 and is currently underway. Post-compromise activity following this supply chain compromise has included lateral movement and data theft.
Read the CISA warning.