Monday, December 14, 2020

Breach of U.S. government agencies linked to SolarWinds

The U.S. Cybersecurity and Infrastructure Security Agency issued an Emergency Directive confirming that SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors to gain access to network traffic management systems. The warning advises U.S. government agencies to take immediate action due to a high potential for a compromise of agency information systems.

Media reports indicate that the Commerce and Treasury departments have already suffered significant breaches.

For its part, SolarWinds issued a statement indicating that it believes a cyberattack inserted a vulnerability within its Orion monitoring products, potentially allowing an attacker to compromise the server on which the Orion products run. The vulnerability is believed to have been inserted in Orion software updates released between March and June 2020.

SolarWinds said it has been advised that the intrusion was a targeted attack by a nation-state; however, the company has not been able to confirm the identity of the attacker.

On Sunday, SolarWinds reached out to its approximately 33,000 Orion product customers to inform them of the vulnerability.

https://cyber.dhs.gov/ed/21-01/