AUSTIN, TX — Austin-based SolarWinds on Sunday confirmed its technology management software was attacked with malware that enabled hackers to access federal treasury and commerce departments’ networks.
Company officials said in a statement that the company was aware of the vulnerability related to updates of its Orion technology management software released between March and June. “SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1, released between March 2020 and June 2020,” the company acknowledged in a late Sunday security advisory.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” the SolarWinds statement continued.
The U.S. Department of Commerce confirmed to CNN it had been the victim of a data breach in an attack believed to be linked to Russia. “We can confirm there has been a breach in one of our bureaus,” agency officials told the news network. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also confirmed the data breach. “We have asked CISA and the FBI to investigate, and we cannot comment further at this time,” commerce department officials told CNN.
Reuters and other news outlets reported the U.S. Department of the Treasury was also attacked, with a software update as the pathway.
Local IT company SolarWinds serves government customers across the executive branch as well as intelligence and military services, according to reports. Known in IT nomenclature as a “supply chain attack,” this kind of breach works by hiding malicious code in the body of legitimate software updates that third parties provide to targets, as explained by Reuters.
SolarWinds outlined guidance for clients using its Orion Platform:
- “We are recommending you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.”
- “If you aren’t sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here.”
- “If you cannot upgrade immediately, please follow the guidelines available here for securing your Orion Platform instance. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary.”
- “An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements.”
The Austin-based software firm reiterated its commitment to security and trust in light of the breach while vowing to keep customers updated on further developments.
“Security and trust in our software is the foundation of our commitment to our customers,” the company wrote in its security advisory. “We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security process, procedures and standards designed to protect our customers.”
Customers with further questions ahead of the software firm’s next update are urged to contact Customer Support by calling 1-866-530-8040 or via [email protected]
SolarWinds operates its headquarters at 7171 Southwest Parkway.