CTA Members Respond to Ongoing SolarWinds Incident

On December 13, FireEye and Microsoft released information regarding a newly discovered nation-state campaign, with actors leveraging access to the SolarWinds Orion Platform. The SolarWinds Orion Platform is used for IT infrastructure management in many government agencies and corporate networks. Nation-state actors compromised the SolarWinds supply chain to trojanize its software updates and gain access to SolarWinds’ customers. In response, the United States Cybersecurity and Infrastructure Security Agency (CISA) released an emergency directive to US Government agencies to disconnect or power down SolarWinds Orion products immediately. Several departments and agencies are known to be compromised, and a Cyber Unified Coordination Group has been established to respond to this incident.

CTA members are working to identify and assist their customers who may be at risk from this incident and are publishing blogs and reports to detail their actions, as well as protections and mitigations that would be helpful for response efforts. As a part of this effort, CTA members are sharing information to ensure that we are coordinated and working together for the greater good. We will provide links to our members’ reports and updates related to this incident in this blog, regularly updating it with new information.

 

Anomali


Check Point


Cisco (Talos Intelligence Group)


Dragos


ElevenPaths – Telefónica Cyber Security Company


Fortinet


Intsights


McAfee


Palo Alto Networks (Unit42)


Panda Security


Radware


Rapid7


ReversingLabs


SecurityScorecard


SonicWall


Sophos


Symantec – A Division of Broadcom


VMware

 

(Last updated 2:15PM EST, January 19, 2020)


Author: Neil Jenkins

As Chief Analytic Officer, Neil leads CTA’s analytic efforts, focusing on the development of threat profiles, adversary playbooks, and other analysis using the threat intelligence in the CTA Platform. Previously, he served in various roles within the Department of Homeland Security, Department of Defense, and Center for Naval Analyses, where he spearheaded numerous initiatives tied to cybersecurity strategy, policy, and operational planning for both the public and private sectors.