Security News

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack
2020-12-17 21:07

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others." Characterizing the hack as "a moment of reckoning," Microsoft president Brad Smith said it has notified over 40 customers located in Belgium, Canada, Israel, Mexico, Spain, the UAE, the UK, and the US that were singled out by the attackers.

More on the SolarWinds Breach
2020-12-17 20:18

Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. CISA has directed everyone to remove SolarWinds from their networks.

Microsoft confirms breach in SolarWinds hack, denies infecting others
2020-12-17 19:59

Microsoft has confirmed that they were hacked in the recent SolarWinds attacks but denied that their software was compromised in a supply-chain attack to infect customers. Tonight, Reuters released a report stating that sources indicated that Microsoft was not only compromised in the SolarWinds supply-chain attack but also had their software modified to distribute malicious files to its clients.

SolarWinds hackers breach US nuclear weapons agency
2020-12-17 16:29

Nation-state hackers have breached the networks of the National Nuclear Security Administration and the US Department of Energy. NNSA is a semi-autonomous government agency responsible for maintaining and securing the US nuclear weapons stockpile.

FBI, CISA, ODNI Describe Response to SolarWinds Attack
2020-12-17 16:02

The FBI has been tasked with collecting intelligence that can help attribute the attack to a threat actor and disrupt their activities. The agency is also working with victims to obtain information that can be useful to the government and network defenders.

US think tank breached three times in a row by SolarWinds hackers
2020-12-17 15:17

An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations.

How to protect your organization following the SolarWinds compromise
2020-12-17 14:56

Whether your organization uses the vulnerable SolarWinds software or you want to defend yourself against similar exploits, here are recommendations from four sources. Customers running Orion Platform version 2019.4 HF 5 are urged to update to 2019.4 HF 6. Further, the hotfix release 2020.2.1 HF 2 is available in the SolarWinds Customer Portal.

Little-Known SolarWinds Gets Scrutiny Over Hack, Stock Sales
2020-12-17 14:05

Few people were aware of SolarWinds, a Texas-based software company providing vital computer network monitoring services to major corporations and government agencies worldwide. It's raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.

CISA: Hackers breached US govt using more than SolarWinds backdoor
2020-12-17 12:48

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.