Malware incites flare-up in SolarWinds’ Orion products. Outside parties hacked into SolarWinds, a software provider, on the evening of December 13. They infected the provider’s Orion products, which are used to monitor and manage IT resources. The hackers slipped the malware into product versions released between March 2020 and June 2020.
After discovering the breach, SolarWinds alerted its customers through a press release outlining its upcoming plans and safety measures. Its 2020.2.1 HF 1 update will ensure customers’ system security. The following update, HF 2, will remove the malware.
This supply chain attack struck several US companies and federal departments that use SolarWinds’ Orion products. ZAPNet’s article identifies several victims: the US Treasury Department, the US security firm FireEye, the US Department of Commerce’s National Telecommunications and Information Administration (NTIA), and Microsoft.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive the same evening as SolarWinds’ press release. It calls on agencies using the Orion products to investigate their systems for any compromise.
ZAPNet’s article speculates that the malware, which FireEye calls Sunburst, may have originated in Russia. However, FireEye does not confirm that involvement, although the evidence suggests the possibility.
Further analysis in ZAPNet’s article indicates that the malware is not directed solely at the United States. FireEye explains that the malware will most likely affect other countries and organizations.