Security News > 2020 > December > US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack
Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products."
The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.
The Washington Post also reported that not only were the government hacks made possible via SolarWinds' software, the attack was perpetrated by Russian hacking group APT29, aka Cozy Bear.
Long story short, this is a bad one and made worse by the fact that SolarWinds offers infrastructure monitoring but appears not to have been able to keep its own website and APIs clean.
SolarWinds says of its 300,000-plus customers, no more than 18,000 installed the backdoored update, which includes the US government.
News URL
Related news
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack (source)
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (source)
- Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks (source)
- Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst (source)