SolarWinds Supply Chain Hack Responsible for FireEye Breach
Recently, the cybersecurity consulting firm FireEye announced that attackers had stolen sensitive “red team” hacking tools and potentially information related to certain government customers. FireEye has historically been one of the most prominent consultants to investigate attacks against large organizations and government entities. By targeting FireEye, the threat actors potentially had gained access to sensitive information from the US Government and enterprise giants across all industries. FireEye is still working to find the real threat actors they believe are responsible for the breach, but many industry experts and sources at the FBI have pointed fingers at the Russian-backed hacking group APT29.
On Sunday, FireEye provided an update stating that the campaign started as early as Spring 2020 and included significantly more victims than just themselves. They were able to identify a trojanized SolarWinds Orion update, which they named SUNBURST, as the breach origin. Between March And June of this year (Solarwinds Orion update versions 2019.4 through 2020.2.1), the threat actors inserted malicious code. They digitally signed updates to the SolarWinds Orion Platform before posting them on SolarWinds’ official website. The US Cybersecurity and Infrastructure Security Agency (CISA) published a directive soon after FireEye’s update, requiring all federal civilian agencies to review their networks for indicators of compromise (IoCs) and disconnect any running SolarWinds Orion servers.
SolarWinds requests that their customers update their Orion installations to 2020.2.1 HF 1 as quickly as possible to mitigate the compromised components. Additionally, they plan to release version 2020 2.1 HF 2 on Tuesday, which will replace the compromised components and “provide several additional security enhancements.”
Supply chain attacks that target vendors as a way to reach the intended victims have grown increasingly popular in recent years, mostly thanks to their ability to stay hidden for a significant amount of time. If your company is a SolarWinds Orion customer, listen to their advice and install the SolarWinds Customer Portal updates as quickly as possible to mitigate this threat. You can check what version of the Orion Platform you are running and check out the hotfixes you need to apply.
Clarity is proud to have been providing Network Security Services and Firewall Systems to the clients in North America and South America for many years , including clients Worldwide offering our unified communications platform. Clarity Technologies Group, LLC surpasses expectations.
Call Clarity at 800-354-4160 today, or email us at [email protected]. We are partnered internationally and open seven days a week, 8:30 AM to 5:00 PM EST/EDT. http://188.8.131.52/ and https://dotmantech.com.