VMware Flaw a Vector in SolarWinds Breach?
VMware released a software update to plug the security hole on Dec. 3, and said it learned about the flaw from the NSA. The NSA advisory came less than 24 hours before cyber incident response firm FireEye said it discovered attackers had broken into its networks and stolen more than 300 proprietary software tools the company developed to help customers secure their networks.
On Dec. 13, FireEye disclosed that the incident was the result of the SolarWinds compromise, which involved malicious code being surreptitiously inserted into updates shipped by SolarWinds for users of its Orion network management software as far back as March 2020.
In response to questions from KrebsOnSecurity, VMware said it has "received no notification or indication that the CVE 2020-4006 was used in conjunction with the SolarWinds supply chain compromise."
On Dec. 17, DHS's Cybersecurity and Infrastructure Security Agency (CISA) released a sobering alert on the SolarWinds attack, noting that CISA had evidence of additional access vectors other than the SolarWinds Orion platform.
Several media outlets, including The New York Times and The Washington Post, have cited anonymous government sources saying the group behind the SolarWinds hacks was known as APT29 or "Cozy Bear," an advanced threat group believed to be part of the Russian Federal Security Service.
News URL
https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/