SolarWinds compromise highlights the threat of attacks on trusted business software

Published: Tuesday, 15 December 2020 09:35

CISA, the Cybersecurity & Infrastructure Security Agency, has issued a warning about the ‘active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020’.

The incident is unusual in that it is an attack on trusted business software: the attackers engineered the software to deliver malware under the cover of a standard software update.

SolarWinds has confirmed the validity of the issue, stating that it “has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1.”

It appears that the attack was conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack, says SolarWinds.

FireEye, the company that discovered the issue, states that the actors behind this attack have used it to gain access to numerous public and private organizations around the world, beginning as early as Spring 2020 and currently ongoing. Post-compromise activity following this supply chain compromise has included lateral movement and data theft.

Read the CISA warning.