This threat report is about the SolarWinds Orion platform compromise and contains information pertinent to security operations teams that have the specific version of SolarWinds Orion deployed in their environment.
SolarWinds Orion is a widely deployed IT management and monitoring platform used by IT organizations across many industries. The supply chain nature of the attack is serious and represents a critical risk to organizations with Orion deployed within their environment. The Department of Homeland Security has mandated all Federal Agencies immediately disconnect compromised Orion infrastructure from their network and perform forensic analysis to determine the scope of further persistent access.
While the investigation into this compromise is still ongoing, here’s what is known:
The currently known command and control infrastructure can be found here.
NOTE:
While Avertium does utilize some SolarWinds software, we DO NOT have Orion platform components installed in either our corporate infrastructure or customer environments.
We have updated our threat intelligence platforms to detect activity associated with these indicators of compromise.
Even if you are not directly exposed, your critical vendors may be. It is imperative to understand your third-party risk related to this incident. Contact organizations in your supply chain.
Teams that have a compromised version of Orion installed in the environment:
We recognize the graveness of this latest attack and are here to help. If you are a current Avertium customer and believe your organization has been exposed, please contact your representative. If you aren't yet an Avertium customer, please call us on our 24-hour hotline at 877-707-7997 option 4 or contact us here.
https://cyber.dhs.gov/ed/21-01/