SolarWinds users beware...

Sinbad

A threat actor has compromised the software update process of Orion and related tools.



This has been used in the wild to exfiltrate data from the likes of the US Treasury Department...

 
WASHINGTON (Reuters) - IT company SolarWinds said on Sunday that monitoring products it released in March and June of this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”

The statement came as the U.S. intelligence community urgently investigates breaches at several government agencies, including the U.S. Treasury and Department of Commerce. The breach - which two people familiar with the investigation said was connected to a previously announced intrusion at cybersecurity firm FireEye - is currently believed to be the work of Russians.

SolarWinds did not directly comment on the breaches but said it is “acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”

Reuters

Saw this on twitter as well.

The Cybersecurity and Infrastructure Security Agency instructed federal civilian agencies to review their networks and immediately power down SolarWinds Orion products after hackers stole information from the US Treasury Department and a US agency responsible for deciding policy around the internet and telecommunications, according to Reuters.
 
Shodan query "http.favicon.hash:-1776962843", 31 hosts in SA.
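For anyone wanting to check whether their own internet-facing boxes would match a published favicon fingerprint like the one in the post above, here is an added example (not from the original thread, and not SolarWinds or Shodan code) that reproduces the way Shodan's http.favicon.hash is widely documented to be computed: MurmurHash3 (x86, 32-bit, seed 0, signed result) over the base64 encoding of the raw favicon bytes, with the 76-column line breaks that Python's base64.encodebytes produces. MurmurHash3 is implemented in pure Python so nothing beyond the standard library is needed; the sample bytes at the bottom are constructed, not a real favicon. Point it at favicon files pulled from your own inventory and compare the result against the hashes in your exposure reports.

```python
import base64
from pathlib import Path

MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32, returned as a signed 32-bit int (matches mmh3.hash)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    length = len(data)
    h1 = seed & MASK32
    body_end = length & ~3  # bytes that form complete 4-byte blocks

    # Process the body four bytes (little-endian) at a time.
    for i in range(0, body_end, 4):
        k1 = int.from_bytes(data[i:i + 4], "little")
        k1 = (k1 * c1) & MASK32
        k1 = _rotl32(k1, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1
        h1 = _rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & MASK32

    # Process the 1-3 trailing bytes, if any.
    tail = data[body_end:]
    k1 = 0
    if len(tail) == 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * c1) & MASK32
        k1 = _rotl32(k1, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1

    # Finalisation mix.
    h1 ^= length
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & MASK32
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & MASK32
    h1 ^= h1 >> 16

    # mmh3.hash() returns a signed int32, and Shodan stores that signed value.
    return h1 - (1 << 32) if h1 & 0x80000000 else h1


def favicon_hash(raw_icon: bytes) -> int:
    """Shodan-style favicon hash: murmur3 over base64 text with 76-char lines."""
    return murmur3_32(base64.encodebytes(raw_icon))


def favicon_hash_from_file(path: str) -> int:
    """Convenience wrapper for favicons already collected from your own hosts."""
    return favicon_hash(Path(path).read_bytes())


def matches_known_hash(raw_icon: bytes, known_hash: int) -> bool:
    """True if this icon would be found by a search for known_hash."""
    return favicon_hash(raw_icon) == known_hash


if __name__ == "__main__":
    # Constructed sample bytes, not a real favicon.
    sample_icon = b"\x00\x00\x01\x00\x01\x00\x10\x10" + bytes(range(64))
    print("favicon.hash for sample icon:", favicon_hash(sample_icon))
    # Hypothetical value from an exposure report, used only to show the check.
    print("matches report hash?", matches_known_hash(sample_icon, -1776962843))
```

Note that the base64 text, not the raw icon, is what gets hashed; hashing the raw bytes gives a different number and is a common reason for a home-grown check not lining up with the search engine's value.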
 
In a press release dated October 30, the SEC said that from the company’s IPO (initial public offering) in October 2018 until December 2020, when it revealed that it had been the victim of a cyber attack, SolarWinds had defrauded investors by overstating its cybersecurity practices and downplaying the risks it faced.

The attack, known as SUNBURST, compromised the company’s Orion IT monitoring and management software, enabling the attackers, the Russian nation-state group Nobelium, to push malicious updates to SolarWinds customers, affecting tens of thousands of organizations, including the U.S. government. It was one of the biggest supply-chain attacks ever recorded.

However, according to the SEC, the company’s SEC filings “allegedly misled investors by disclosing only generic and hypothetical risks at a time when the company and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.”

 