Hackers breached U.S. government agencies via compromised SolarWinds Orion software
2020-12-14 14:18

A "highly sophisticated" hacking group has breached the U.S. Treasury Department, the U.S. Department of Commerce's National Telecommunications and Information Administration, other government agencies and private sector companies via compromised SolarWinds Orion software.

"Although we do not know how the backdoor code made it into the library, from the recent campaigns, research indicates that the attackers might have compromised internal build or distribution systems of SolarWinds," Microsoft noted, and added that the backdoor was distributed via automatic update platforms or systems in target networks.

SolarWinds has confirmed that SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020, have been compromised and that a "clean" version is now available for download. "An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements," the company noted.

The U.S. Cybersecurity and Infrastructure Security Agency issued an Emergency Directive instructing "all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately."

SolarWinds has filed a report with the U.S. SEC, in which it stated that "the vulnerability was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/nPWk_qhsfOE/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 98 73 35 239