The US Treasury and Commerce departments issued a warning to employees to disconnect from SolarWinds Orion products.
Major software provider SolarWinds has confirmed that it was targeted by a highly sophisticated cyber-attack, which has led to US companies and government networks being infected.
The manual attack is believed to have been conducted by an outside nation state and to have been specifically targeted rather than a broader, system-wide attack.
SolarWinds has made this statement:
“We are working to investigate the impacts of this incident and will continue to update you as we are made aware of any interruptions or impacts to your business specifically.”
The US Cybersecurity and Infrastructure Security Agency (CISA) have warned that the attack “poses an unacceptable risk to the Federal Civilian Executive Branch” and asked employees of the governmental departments to “immediately disconnect or power down” the SolarWinds Orion products.
The attack managed to exploit a certain version of the SolarWinds Orion product that these organisations were all using.
News of the attack comes shortly after our previous blog, in which we covered leading cyber security company FireEye confirming that it had also fallen victim to a large-scale state-sponsored hack.
Although it is believed that both attacks are Russian-led, the Embassy of Russia has denied involvement. A post on Facebook stated:
“Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations” and “Russia does not conduct offensive operations in the cyber domain.”
FireEye have now confirmed that the SolarWinds hack, an attack on their supply chain, is how they were targeted in their recent breach, in which the attackers made off with FireEye's own advanced penetration tools.