The firm had previously released detections alerting users to the presence of these binaries, with the recommendation to isolate and investigate the devices in question. Those measures, however, appear not to have been strong enough relative to the scale and severity of the threat.
Compromised versions of SolarWinds Orion released between March and June 2020 carried the backdoor that Microsoft has dubbed Solorigate (FireEye calls it Sunburst), leading to the infiltration of thousands of organisations.
FireEye was the first company to detect that it had been compromised by state-backed hackers, and only after closer examination did the company find that the hackers had planted a backdoor in SolarWinds' Orion software. It has since emerged that up to 18,000 SolarWinds customers may have received the trojanized update, including massive corporations and US government agencies.
By Eduard Kovacs on December 16, 2020
SolarWinds has released a second hotfix for its Orion platform in response to the recent breach, and the company has decided to remove from its website a page listing some of its important customers.
IT management and monitoring solutions provider SolarWinds revealed this week that sophisticated threat actors compromised the build system for its Orion monitoring platform, which allowed the attackers to deliver trojanized updates to the firm’s customers between March and June 2020. The hackers could then compromise the servers of the organizations that downloaded, implemented or updated Orion products in that timeframe.
Shortly after news of the breach broke, the company informed customers about the availability of a hotfix, but promised to release a second hotfix that replaces the compromised component and provides additional security enhancements.
Scope of SolarWinds hack grows as Microsoft moves to protect customers
More details continue to emerge on the hack of software from SolarWinds WorldWide LLC used by the U.S. government and others as Microsoft Corp. today moved to protect customers from the compromise.
The hack, first reported Sunday and blamed on Russian state-sponsored hackers, came about after SolarWinds pushed compromised software to some 18,000 of its customers between March and June. The dates are relevant because it's likely that those behind the compromise have been stealing data since March.
Which companies and government departments have been affected is not entirely clear at this time, since only some have come forward to admit they have been compromised. First were the U.S. Commerce and Treasury Departments, with Homeland Security also now reported to have been attacked. Although not officially confirmed, there are now reports that the State Department and the Nationa
Meanwhile, FireEye has found a kill switch, and Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack.
SECOND UPDATE
A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password ("SolarWinds123") that gave attackers an open door into its software-updating mechanism, and SolarWinds' deep visibility into customer networks.
Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that SolarWinds may not be alone in its use in the campaign. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” it said in an updated bulletin on Thursday.
Kremlin-backed hackers breach US Treasury and Commerce: by Tyler Van Dyke, ruthfullyyours.com