Agencies urged to disconnect SolarWinds Orion

14.12.2020

Back to news

According to CRN, federal agencies are urged to stop SolarWinds Orion activity in their systems. The company’s IT management solution is believed to be “conductive” during a serious security impact on the U.S. government.

As the massive exploit has been recently reported, authorities demand that all the SolarWinds Orion products get shut down as they have become a tool used by the violators.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive stating that “this Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

Both public and private sectors which concern federal civilian networks are to evaluate their exposure to this breach and take measures to prevent further damage.

A few days ago FireEye, the Silicon Valley cybersecurity company, admitted that its systems were compromised by an allegedly state-sponsored attack in which innovative methods were used in order to plant some opportunities for onward exploits. The company claims to have been working with SolarWinds as well as the Federal Bureau of Investigation and is sure that the organisations got hacked via trojanised SolarWinds Orion updates.

Although instruments MSPs use working with their customers have been a popular target for quite a time already, the breach doesn’t seem to be related to the SolarWinds MSP offer. Remote monitoring hasn’t been affected as Orion supports the company’s traditional IT infrastructure which has nothing to do with the MSP sector.