Security News

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. In a security advisory, Austin, Texas based SolarWinds acknowledged its systems "Experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.".

A "Highly sophisticated" hacking group has breached the U.S. Treasury Department, the U.S. Department of Commerce's National Telecommunications and Information Administration, other government agencies and private sector companies via compromised SolarWinds Orion software. "Although we do not know how the backdoor code made it into the library, from the recent campaigns, research indicates that the attackers might have compromised internal build or distribution systems of SolarWinds," Microsoft noted, and added that the backdoor was distributed via automatic update platforms or systems in target networks.

Trojanized versions of SolarWinds' Orion IT monitoring and management software have been used in a supply chain attack leading to the breach of government and high-profile companies after attackers deployed a backdoor dubbed SUNBURST or Solorigate. SolarWinds' customer listing [1, 2] includes over 425 of the US Fortune 500, all top ten US telecom companies, hundreds of universities and colleges, all five branches of the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.

The motive and the full scope of what intelligence was compromised remains unclear, but signs are that adversaries tampered with a software update released by Texas-based IT infrastructure provider SolarWinds earlier this year to infiltrate the systems of government agencies as well as FireEye and mount a highly-sophisticated supply chain attack. "The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, which has released an emergency directive, urging federal civilian agencies to review their networks for suspicious activity and disconnect or power down SolarWinds Orion products immediately.

Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.

Kevin Thompson, SolarWinds president and CEO, said his company is "Aware of a potential vulnerability" that may have been in "Updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within the US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.

SolarWinds and its Board of Directors have named Sudhakar Ramakrishna as the company's new President and Chief Executive Officer and a member of the Board of Directors, each to become effective on January 4, 2021. "Following an extensive and thorough search, we are delighted to welcome Sudhakar Ramakrishna as SolarWinds' new CEO as we embark on an exciting new chapter in the company's history," said Bill Bock, Chairman of the Board of SolarWinds.

SolarWinds announced an expansion of their monitoring capabilities within the Cisco Meraki Marketplace, which is now able to integrate the Cisco Meraki Dashboard API with SolarWinds N-central. "Cisco Meraki offers a comprehensive set of cloud solutions that give IT providers the opportunity to streamline and simplify the digital workplace, a goal that has never been more paramount as the definition of the workplace is in flux. Daily shifts from work from home and returning to the office require an elastic office space and IT infrastructure," said Mav Turner, group vice president of products for SolarWinds MSP. "This goal is fully aligned with SolarWinds MSP, as we work to empower MSPs to more easily fulfill a market need that has spiked almost overnight. As MSP customers seek their help more than ever, we believe the integration with Cisco Meraki and N-central will play another important role in supporting them."

Which works to detect and compare configuration changes to servers, databases, and applications, now integrates a policy compliance engine aimed at helping IT teams simplify and more efficiently achieve compliance and compliance reporting, with an initial focus on the federal space. By integrating a policy compliance engine focused on select STIG policies, makes it easier for federal IT pros to automatically check systems and applications for STIG compliance, deliver clear and quick compliance results for auditing purposes, and identify non-compliant elements for more efficient remediation.