SolarWinds admits product updates were subverted by nation state while FireEye warns exploit is rampant

2020-12-14 02:10

Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products."

The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.

The Washington Post also reported that not only were the government hacks made possible via SolarWinds' software, the attack was perpetrated by Russian hacking group APT29, aka Cozy Bear.

Long story short, this is a bad one and made worse by the fact that SolarWinds offers infrastructure monitoring but appears not to have been able to keep its own website and APIs clean.

SolarWinds says of its 300,000-plus customers, no more than 18,000 installed the backdoored update, which includes the US government.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/14/solarwinds_fireeye_cozybear/

#exploit #fireeye #solarwinds

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Solarwinds		56	33	102	74	36	245
Fireeye		8	0	8	2	0	10