To embed, copy and paste the code into your website or blog:
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the Orion software build system for certain versions of the software, and trojanized software updates were distributed to customers between March and June 2020. According to SolarWinds, this attack may affect as many as 18,000 customers. As a result of this attack, several key government agencies have reported that hackers were able to break into their networks, including the Department of Homeland Security (DHS), as well as the Commerce and Treasury Departments. The Cybersecurity and Infrastructure Security Agency (CISA) within DHS has advised that both public and private sector organizations using certain Orion products may be at risk of compromise.