Keeping you up to date with the latest news & research on the SolarWinds supply chain attack
The SolarWinds hack is shaping up to be the most serious supply chain attack ever encountered. The perpetrators were able to breach and insert malicious code into the SolarWinds Orion software, compromising thousands of users across the globe, including Fortune 1000 companies and major US Government agencies.
What can you do to keep your ecosystem secure and stop your third-party vendors from putting you at risk? Here’s a collection of resources to learn more about the SolarWinds breach, steps you can take to make your ecosystem more secure, and improve your third-party risk management program to minimize risk.
December 13, 2020
FireEye released a blog post with further details indicating that the company was breached through a highly evasive supply chain attack on SolarWinds.
CISA (the Cybersecurity and Infrastructure Security Agency) issues Emergency Directive 21-01 and asks all agencies operating SolarWinds products to report by 12pm EST on Monday, December 14, 2020.
SolarWinds released a security advisory (note: the advisory page has been changing without dated revisions) saying it plans to release an Orion update on Tuesday that will contain code to remove any traces of the malware from customer systems.
December 14, 2020
SolarWinds said in an SEC filing that of its 300,000 total customers, only 33,000 were using Orion, a software platform for IT inventory management and monitoring, and that fewer than 18,000 are believed to have installed the malware-laced update. SolarWinds also announced that it had learned from Microsoft about a compromise of its Office 365 email and office productivity accounts.
December 16, 2020
BitSight releases a blog post about SolarWinds Orion prevalence and confirms that it is most frequently seen within the Government and Technology sectors and is mainly deployed in the USA.
Joint statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI).
December 18, 2020
BitSight shows in a blog post the initial reaction to, and removal of, SolarWinds Orion instances seen on the Internet in the first week. While 70% of servers with trojanized versions were remediated or removed from Internet access, only 8% of instances were removed from public access.
SolarWinds stock ($SWI) fell 40% in the first week.
December 23, 2020
BitSight adds information about live, Internet-connected SolarWinds Orion servers, including trojanized versions, to the Security Ratings Platform product.
BitSight creates a "SolarWinds Attack Resource Center" for customers.
December 26, 2020
A new CVE is assigned to a different SolarWinds Orion API vulnerability. This vulnerability allows unauthenticated remote command execution and is being exploited to install malicious web shells on attacked Orion servers.
The vulnerability receives the codename “SUPERNOVA”.
December 28, 2020
BitSight adds potential and under-investigation Security Incidents to the Security Ratings Platform product for organizations whose names are linked to contacts with the attacker’s C2 infrastructure, based on decoding a domain generation algorithm (DGA).
December 31, 2020
Microsoft says that no customer or PII data was compromised, but that the compromised internal account had access to several source code repositories for Microsoft’s products.
January 11, 2021
CrowdStrike releases a technical analysis of “SUNSPOT”, malware that was deployed into the build environment to inject the backdoor into the SolarWinds Orion platform.
Kaspersky Labs sees algorithmic similarities between another malware family called Kazuar and “SUNBURST”, and suggests attribution to the Turla group.