Security News > 2020 > December > US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack
Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products."
The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.
The Washington Post also reported that not only were the government hacks made possible via SolarWinds' software, the attack was perpetrated by Russian hacking group APT29, aka Cozy Bear.
Long story short, this is a bad one and made worse by the fact that SolarWinds offers infrastructure monitoring but appears not to have been able to keep its own website and APIs clean.
SolarWinds says of its 300,000-plus customers, no more than 18,000 installed the backdoored update, which includes the US government.
News URL
Related news
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Healthcare attacks spread beyond US – just ask India's Star Health (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)
- SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures (source)
- LottieFiles hit in npm supply chain attack targeting users' crypto (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)