
Secplicity - Security Simplified

Powered by WatchGuard Technologies

SolarWinds Supply Chain Hack Responsible for FireEye Breach

December 14, 2020 By Marc Laliberte


Last week, the cybersecurity consulting company FireEye announced they had suffered a breach where attackers stole sensitive “red team” hacking tools and potentially information related to certain government customers. FireEye has historically been one of if not the most prominent consultants brought in to investigate attacks against large organizations and government entities. By targeting FireEye, the threat actors potentially had access to sensitive information from the US Government and enterprise giants across all industries. FireEye has still yet to name who they believe is responsible for the breach but many industry experts and sources at the FBI have pointed fingers at the Russian-backed hacking outfit APT29.

On Sunday, FireEye provided an update stating that the campaign started as early as Spring 2020 and included significantly more victims than just themselves. They identified a trojanized SolarWinds Orion update, which they named SUNBURST, as the origin of the breach. Between March and June of this year (SolarWinds Orion update versions 2019.4 through 2020.2.1), the threat actors inserted malicious code into updates to the SolarWinds Orion Platform, which were then digitally signed and posted to SolarWinds’ official website. The US Cybersecurity and Infrastructure Security Agency (CISA) published a directive soon after FireEye’s update, requiring all federal civilian agencies to review their networks for indicators of compromise (IoCs) and disconnect any running SolarWinds Orion servers.

SolarWinds is urging their customers to update their Orion installations to 2020.2.1 HF 1 as quickly as possible to mitigate the compromised components. Additionally, they plan to release version 2020.2.1 HF 2 on Tuesday, which will replace the compromised components and “provide several additional security enhancements.”

Supply chain attacks that target vendors as a way to reach the intended victims have grown increasingly popular in recent years, largely thanks to their ability to stay hidden for a significant amount of time. If you’re a SolarWinds Orion customer, heed their advice and install the updates from the SolarWinds Customer Portal as quickly as possible to mitigate this threat. You can use this link to check what version of the Orion Platform you are running and this link to check which hotfixes you have applied.
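For teams that manage more than one Orion server, the version and hotfix check above is worth scripting so an inventory can be triaged consistently. The following is an added example written for this article, not code from SolarWinds, FireEye or CISA. It assumes version strings in the form SolarWinds prints them (for example `2020.2.1 HF 1`), uses only the affected range and fixed release stated in the article (2019.4 through 2020.2.1 affected; 2020.2.1 HF 1 or later remediated), and runs over a small constructed inventory.

```python
import re
from dataclasses import dataclass

# Ranges taken from the article: Orion 2019.4 through 2020.2.1 shipped the
# trojanized component; 2020.2.1 HF 1 (and the announced HF 2) remove it.
AFFECTED_MIN = (2019, 4, 0)
AFFECTED_MAX = (2020, 2, 1)
FIXED_BASE, FIXED_HOTFIX = (2020, 2, 1), 1

# Assumed version string format: "YYYY.minor[.patch][ HF n]".
VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)


@dataclass(frozen=True)
class OrionVersion:
    base: tuple  # (year, minor, patch)
    hotfix: int  # 0 when no hotfix is applied


def parse_version(text: str) -> OrionVersion:
    """Parse an Orion version string; raises ValueError on unexpected input."""
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognized Orion version string: {text!r}")
    year, minor, patch, hotfix = match.groups()
    return OrionVersion((int(year), int(minor), int(patch or 0)), int(hotfix or 0))


def assess(text: str) -> str:
    """Classify one server as 'older', 'newer', 'remediated' or 'affected'."""
    v = parse_version(text)
    if v.base < AFFECTED_MIN:
        return "older"        # predates the affected range
    if v.base > AFFECTED_MAX:
        return "newer"        # released after the affected range
    if v.base == FIXED_BASE and v.hotfix >= FIXED_HOTFIX:
        return "remediated"   # 2020.2.1 HF 1 or later is applied
    return "affected"         # within 2019.4 .. 2020.2.1 without the hotfix


def triage(inventory: dict) -> dict:
    """Map hostname -> status, so affected hosts can be isolated and updated."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "orion-prod-01": "2020.2.1",
        "orion-prod-02": "2020.2.1 HF 1",
        "orion-lab-01": "2019.4 HF 5",
        "orion-legacy": "2019.2",
    }
    for host, status in triage(sample).items():
        action = "isolate and update to 2020.2.1 HF 1" if status == "affected" else "no action"
        print(f"{host}: {status} ({action})")
```

Hosts reported as `affected` are the ones CISA's directive says to disconnect until updated; `remediated` hosts still warrant the IoC review the directive calls for, since the hotfix removes the component but does not undo any earlier compromise.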
