18,000 organizations possibly compromised in massive supply-chain cyberattack
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
In what may well turn out to be one of the most significant supply-chain attacks in recent years, a likely nation-state-backed group compromised systems at SolarWinds and inserted malware into updates of the company’s widely used Orion network management products that were released between March and June 2020.
In total, about 33,000 of SolarWinds’ 300,000 customers — which include numerous government agencies, 499 of the Fortune 500 companies, and over 22,000 managed service providers — could have received the compromised software updates. Some 18,000 organizations worldwide may have actually installed the poisoned software on their systems, SolarWinds said in an SEC filing Monday.
The filing suggested that attackers might have initially broken into SolarWinds’ systems by compromising the company’s email and using that foothold to access other data in its Microsoft Office 365 environment.
Victims of the massive breach are believed to include the US Treasury Department, the National Telecommunications and Infrastructure Administration, and security vendor FireEye, which last week disclosed a breach involving the theft of the company’s red team tools.
In a measure of the widespread concern the breach has stoked, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive Sunday urging all federal civilian agencies using SolarWinds’ Orion products to immediately power down or disconnect the technology. The Emergency Directive, only the fifth since 2015, described the SolarWinds compromise as posing an unacceptable risk to the security of federal networks. It ordered all federal civilian agencies to provide a report to CISA no later than 12:00 p.m. Eastern Standard Time Monday showing that they had shut down the SolarWinds Orion technology on their networks.
To read the complete article, visit Dark Reading.