The impacted software is SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5 … SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This breach affects SolarWinds’ Orion products and is rapidly evolving. Even if your organization isn’t running SolarWinds products, it still might not be out of the woods. SolarWinds CEO describes overhauled Orion build system after that 'very small, unique' security breach 'This can happen to anybody. The SolarWinds hack by suspected nation-state threat actors has impacted an estimated 18,000 of its 300,000 customers worldwide. Also, the company is striving to spin out its SolarWinds MSP business as a standalone, publicly traded company, in 2021. “SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 … We are aware that malware was distributed through SolarWinds Orion software as part of a global intrusion campaign known as Sunburst. Hack comes months after zero-day exploit of RMM tool. CyberUK 21 SolarWinds’ chief exec has described the 18,000 customers who downloaded backdoored versions of its Orion software as a “very small” number while giving a speech to an infosec event. While the SolarWinds Orion Platform has suffered a data breach, many other platforms are gaining ground in a competitive marketplace where network, application, and resource monitoring is crucial for business growth. It remediated or initiated the process of remediating vulnerabilities, a regular process that continues today. The software maker also said it expects an additional hotfix, 2020.2.1 HF 2, to be released Tuesday. The SolarWinds Orion security breach is unfolding rapidly, and the number of victims In today’s WatchBlog post, we look at this breach and the ongoing federal government and private-sector response. 
Orion Platform 2020.2 adds support for the following vendors and devices. SolarWinds Data Breach and SecurityMetrics Response. 1 The latest SolarWinds breach news Victims of the SolarWinds backdoor attack continue to be revealed as big tech companies and organizations discover malware infections and act to mitigate risks. SolarWinds reported on December 13th, 2020 that hackers had exploited a zero-day vulnerability and were able to insert malware into a service that provided software updates for its Orion platform to SolarWinds customers. In response, SolarWinds issued an advisory on Wednesday with several recommendations. The lawsuit relates to the breach of the December 11, 2020: while conducting breach investigations, FireEye discovers that SolarWinds had been attacked. SolarWinds urged all customers to immediately upgrade to Orion Platform version 2020.2.1 HF 1. The attacker’s post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection. This malware is not believed to be related to the SolarWinds.Orion.Core.BusinessLayer.dll supply chain attack. There's always learning in any crisis. In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The SolarWinds breach is particularly damaging from a PAM perspective. With… SolarWinds Orion Platform Breach What You Need to Know In early December 2020, a highly advanced threat actor breached the cybersecurity company FireEye. The threat actors trojanized SolarWinds’ Orion business software updates in order to distribute malware to corporate and other enterprise end-users. 
However, the number of affected organizations may be larger than reported as the SolarWinds Orion platform is a popular product among government agencies and Fortune 500 companies. SolarWinds reported that the flaw affects Orion Platform builds for version 2019.4 HF 5, version 2020.2 with no hotfix installed, and version 2020.2 HF 1. SolarWinds Orion breach – Sunburst. SolarWinds Corporation and two of its top executives have been hit with a class action lawsuit from its shareholders. The primary goal of the Dark Halo threat actor was to obtain the e-mails of specific individuals at the think tank. Finally, in a third incident, Dark Halo breached the organization by way of its SolarWinds Orion software in June and July 2020. According to a tweet from Dustin Volz, reporter for The Wall Street Journal, the source of the breach was “a flaw in I… The SolarWinds breach is an example of a supply chain attack, in which the hacker’s intrusion into the victim’s network is facilitated by first compromising one of the victim’s trusted suppliers. The executives in question are outgoing CEO, Kevin Thompson, and chief financial officer, J. Barton Kalsu. During its investigation, FireEye discovered a previously unknown Per an advisory published by the Cybersecurity & Infrastructure Security Agency, or CISA, potential victims should identify which victim category they fall into based on whether or not they installed the following binaries and contacted the command and control (C2) server: From the spring of 2020 on, SolarWinds’ enterprise platform, Orion, was quietly compromised by attackers. 1. SolarWinds does not provide a comprehensive list of all supported devices. According to the Microsoft TAR and the FireEye blog post, a “highly sophisticated” adversary managed to breach the supply chain of SolarWinds, a company that develops IT infrastructure management software, resulting in the placement of malicious code inside of the company’s Orion Platform software builds. 
Additional reporting has since confirmed a direct connection between this breach and last week’s breach of cybersecurity firm FireEye. SolarWinds was the victim of a cyber-attack where a vulnerability was inserted into its Orion platform. During that time, through to today, SolarWinds investigated various vulnerabilities in its Orion Platform. WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. What should organisations do? On December 13, several news outlets, including Reuters, The Washington Post and The Wall Street Journal, reported that multiple U.S. government agencies were the victims of a significant breach reportedly linked to hackers associated with a nation-state. The malicious SUNBURST code had corrupted all the Orion releases made between March and June 2020. Gentrack does not use SolarWinds Orion, and a thorough review of our wider estate has confirmed that SolarWinds Orion is not deployed across any Group platform. SolarWinds has issued a security advisory urging customers to update to version 2020.2 HF 1 of its Orion Platform. a highly sophisticated cyber intrusion that leveraged a commercial An integral component of the breach was compromising SAML signing certificates the bad actors gained by … This isn’t the first time that SolarWinds’ … This included a handful of select executives, policy experts, and the IT staff at the organization. On December 11th, 2020, the U.S. government and the company SolarWinds disclosed a breach into their SolarWinds Orion Platform network management software. This attack was conducted by a sophisticated and likely nation-state based attacker. 
As many as 18,000 SolarWinds customers — out of a total of 300,000 — may have been running software containing the vulnerability that allowed … The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access. SolarWinds says upgrade and patch after Orion Platform breached. Currently, the SolarWinds security breach has been linked to … Customers running the Even if you don’t use the SolarWinds Orion Platform, one of your business partners may be among the 18,000 organizations potentially affected by this breach. If your device supports standard SNMP MIB2, it can be monitored with the Orion Platform. The Daily Dot claims that a Dominion Voting Systems spokesperson said “Dominion Voting Systems does not now — nor has it ever — used the SolarWinds Orion Platform, which was subject of the DHS emergency directive dated … The perpetrators remained undetected and removed the SUNBURST malicious code from our environment in June 2020. They were able to identify a trojanized SolarWinds Orion update, which they named SUNBURST, as the breach origin. The SolarWinds Orion platform hack is slowly turning out to be one of the most significant hacks in recent years. This tactic permits an attacker to gain access to network traffic management systems. Tuesday, January 5, 2021: Russia Allegedly Behind Attacks: A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal … SolarWinds Orion, the popular IT system management platform, has been compromised and may be used for onward attacks against systems connected to … Disconnecting affected devices, as described below in Required Action 2, is the only known mitigation measure currently available. 
The SolarWinds Orion breach surfaced during a time of transition at the company. From Sunburst to SuperNova: SolarWinds Breach Updates. Sealed U.S. Court Records Exposed in SolarWinds Breach … SolarWinds Orion Platform Compromise On Dec. 13, FireEye confirmed a SolarWinds supply chain attack as the cause of their breach via a malware-laced update for the SolarWinds Orion IT network monitoring software (affected SolarWinds Orion versions 2019.4 HF 5 and 2020.2 with no hotfix installed, and 2020.2 HF 1). It will also be releasing an additional hotfix 2020.2.1 HF 2 on Tuesday, December 15th. They realize that this was a supply chain hack where the attackers had corrupted and weaponized SolarWinds’ Orion Platform updates. Supply chain attacks can generate wide “ripple effects”, due to the interdependencies that characterise the global economy. SolarWinds and our customers were the victims of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. As you may be aware, Austin-based software company SolarWinds recently experienced the largest security compromise in U.S. history. SolarWinds, a popular IT security vendor with 300,000 global customers (including many small to medium size businesses and their Managed Service Providers), has suffered a major compromise. 
The SolarWinds® Orion® Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments in a single pane of glass. Supported vendors and devices added in Orion Platform 2020.2. The Orion update servers were weaponized, affecting 18,000+ private and government organizations, including the Departments of State, Homeland Security, Energy, Treasury, Commerce, the Pentagon and the National Institutes of Health. On Sunday, FireEye provided an update stating that the campaign started as early as Spring 2020 and included significantly more victims than just themselves. Organisations using the compromised Orion platform could potentially have allowed an attacker to move into other parts of their IT network and systems and breach personal data. The cybersecurity breach of SolarWinds’ software is one of the most widespread and sophisticated hacking campaigns ever conducted against the federal government and private sector. SolarWinds published a press release late on Sunday admitting to the breach of Orion, a software platform for centralized monitoring and management, usually employed in … Indeed a planned CEO transition from Kevin Thompson to Sudhakar Ramakrishna occurred on January 4, 2021. How the SolarWinds Orion security breach occurred: A timeline involving CrowdStrike, FireEye, Microsoft, FBI, CISA & allegations vs. Russia. The breach of the SolarWinds’ Orion platform was announced this month, just six days before SolarWinds investors sold hundreds of millions of dollars in stock. The SolarWinds backdoor malware hit Orion Platform versions 2019.4 HF5 through 2020.2.1, which were released between March 2020 and June 2020.