Please be advised that SolarWinds has issued an urgent security advisory for their Orion Platform.
It’s claimed that nation-state actors aggressively targeted at least two U.S. Government Agencies to include the US Department of Treasury and the National Telecommunications and Information Administration. Additionally, other global organisations in various industries ranging from telecoms, major retail chains and banks (who are SolarWind’s customers) may have been hit as well.
The impact:
This attack resulted in a backdoor remote execution access to servers running the vulnerable versions. A sophisticated threat actor gained access to the network and are using admin permissions (acquired through the on-premises compromise) to gain access to the organisation’s global customer’s accounts.
The remediation:
If possible, it’s recommended by the Cybersecurity and Infrastructure Security Agency to disconnect the affected devices. If not possible, you should implement the hotfix by upgrading to Orion Platform version 2020.2.1 HF 1 as soon as possible. Logon to the SolarWinds portal to get the latest update. Do note: a second hotfix is expected to release on 15 December 2020.
More details can be found here: Security Advisory | SolarWinds
If you have any questions, do not hesitate to contact us.
Source: SolarWinds