The US Department of the Treasury and the US Department of Commerce were breached in a nation-state attack suspected to be of Russian origin. The attackers were able to monitor email traffic from the two government agencies for months, in a highly sophisticated supply chain attack that specifically targeted government agencies. The breach originated in a plugin update for SolarWinds' IT platform, Orion. The malicious software was hidden in a legitimate software update and lay dormant for two weeks before activating. Orion is a complete IT business framework that includes application, network, and security monitoring. SolarWinds has contracts with military and intelligence services, as well as large corporations across the US.
While the attackers focused on government agencies, any organization using the Orion platform is affected.
The attack was first detected by FireEye, a large cybersecurity firm based in California. On December 8th, FireEye disclosed that its Red Team tools had been stolen through the Orion vulnerability. The initial malware was first installed on systems in March 2020 and again in June 2020, as Orion updates were applied.
Microsoft has issued guidance to remediate the affected systems. Microsoft has also published a set of indicators of compromise (IOCs), which firewall and antivirus vendors will use to detect and block further infections.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive on Sunday to "disconnect or power down SolarWinds Orion products immediately."
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales.
This is only the fifth Emergency Directive issued by CISA since its inception. See the Emergency Directive here.
SolarWinds Orion versions 2019.4 through 2020.2.1 are the affected updates. Most IT security news outlets believe this reporting is the tip of the iceberg. The attackers had access to government emails from March or June of this year until last week.
Quanexus IT Support Services for Dayton and Cincinnati