SolarWinds Orion Vulnerability

On Sunday, December 13, 2020, it was disclosed that SolarWinds was the victim of a cybersecurity attack. SolarWinds is a popular software company that sells a variety of system management and monitoring tools. Many organizations, large and small, use its software, including the majority of Fortune 500 companies and large federal government agencies. Initial analysis connects this backdoor in SolarWinds to a recent compromise of systems at the U.S. Treasury and Commerce Departments.

Attackers were able to use their unauthorized access to SolarWinds’ systems to install a “backdoor” in specific versions of its network monitoring tool, SolarWinds Orion. Any organization that installed one of the compromised versions of Orion allowed the attackers into its internal network. Once on the internal network, the attackers were able to access sensitive credentials on the SolarWinds server and move throughout the network to access other internal resources.

SolarWinds recommends that organizations affected by this cyber-attack update their Orion software to the latest version. FireEye and Microsoft have published additional recommendations, detailed analysis of the backdoor, and indicators of compromise (IOCs) that organizations can use to determine whether they are affected.

Additional Resources

SolarWinds Vendor Advisory

Additional Articles that Summarize the Cyber Attack

Technical Details and Analysis from FireEye and Microsoft (including IOCs)
