To print this article, all you need is to be registered or login on Mondaq.com.
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a highly
sophisticated, manual supply chain attack by a nation state
affecting its Orion Platform, which is used by a wide variety of
public and private sector organizations for IT infrastructure
monitoring and management. In this attack, adversaries were able to
compromise the Orion software build system for certain versions of
the software, and trojanized software updates were distributed to
customers between March and June 2020. According to SolarWinds,
this attack may affect as many as 18,000 customers. As a result of
|
About |
Andy Patrizio is a freelance technology writer based in Orange County, California. He s written for a variety of publications, ranging from Tom s Guide to Wired to Dr. Dobbs Journal.
SolarWinds roundup: Fixes, new bad actors, and what the company knew
Reporting since the SolarWinds hack was revealed indicates the company was warned about insecurities years ago, and another hack has been discovered. v-graphix / Getty Images
The SolarWinds Orion security breach is unfolding at a rapid pace, and the number of vendors and victims continues to grow. Each day brings new revelations as to its reach and depth. Of particular concern are the rate of infection and impact on government systems.
SolarWinds roundup: Fixes, new bad actors, and the company knew networkworld.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from networkworld.com Daily Mail and Mail on Sunday newspapers.
To embed, copy and paste the code into your website or blog:
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the Orion software build system for certain versions of the software, and trojanized software updates were distributed to customers between March and June 2020. According to SolarWinds, this attack may affect as many as 18,000 customers. As a result of this attack, several key government agencies have reported that hackers were able to break into their networks, including the Department of Homeland Security (DHS), as well as the Commerce and Treasury Departments. The Cybersecurity and Infrastructure Security Agency (CISA) within DHS has advised that both public and private
What Data Center IT Security Pros Must Know About the SolarWinds Vulnerability The unprecedented attack, whose full scope is yet to be determined, gave those behind it access to some of the most sensitive enterprise systems.
On Sunday, we learned that federal agencies and other organizations had been penetrated by nation-state attackers, identified as Russian by multiple sources.
Though the definitive attribution for the attacks won t come for a while, we do know how the attack occurred.
SolarWinds Orion, a widely used network monitoring tool, had been compromised. In what s known as a supply chain attack, the attackers injected malware into the update code last March, and customers had been installing a Trojan each time they ran an update.