World News – UK – USA Urges Federal Agencies To Shut Down SolarWinds Orion Due To Security Breach

The U.S. government has ordered all civilian federal agencies to disconnect or shut down SolarWinds Orion IT management tools, as they are being used to facilitate an active exploit.

An emergency instruction issued by the U.S. government is urging all civilian federal agencies to disconnect or turn off SolarWinds Orion IT management tools, as they are being used to facilitate an active exploit.

The U.S. government late Sunday evening urged all civilian federal agencies to immediately turn off SolarWinds Orion products, as they are being used as part of an active security exploit.

A contingency policy issued by the Cybersecurity and Infrastructure Security Agency (CISA) comes “in response to a known compromise with SolarWinds Orion products that are currently being exploited by malicious actors.” “This emergency policy calls on all civil federal agencies to review their networks for signs of compromise and to immediately disconnect or turn off SolarWinds Orion products.”

“The compromise of SolarWinds’ Orion Network Management products poses unacceptable risks to federal network security,” said Brandon Wales, acting director of CISA, in the policy. “Today’s guideline is intended to reduce potential compromises within the federal civil networks. We urge all our partners in the public and private sector to assess their exposure to this compromise and to protect their networks from any form of exploitation.”

The policy instructs all agencies operating SolarWinds products to report that they have completed the shutdown by noon ET Monday.

CISA issued the policy after a report that the SolarWinds Orion IT management tool was used to hack several federal agencies.

The U.S. Treasury and the U.S. Commerce departments were breached via SolarWinds as part of a Russian government campaign, the Washington Post reported. It’s unclear whether a breach of security vendor FireEye in the past week has also been linked to SolarWinds.

SolarWinds, an IT infrastructure management company, announced Sunday that it had experienced a sophisticated manual supply chain attack on versions of its Orion network monitoring product released between March and June this year. The company was told that the attack was likely carried out by an outside nation-state and was intended to be a narrow, highly targeted, and manually executed attack, although no specific country was identified.

A FireEye blog post states that trojanized updates to SolarWinds’ Orion software gave hackers access to numerous public and private organizations without revealing the identity of any of the victims. FireEye said it works closely with SolarWinds, the Federal Bureau of Investigation, and other key partners.

While hackers for the past two years have leveraged the tools MSPs rely on to manage customer IT systems, the tools used in this breach appear to be unrelated to SolarWinds’ MSP business.

The Orion platform supports SolarWinds’ traditional IT infrastructure management and is not tied to SolarWinds’ MSP business, which has been built through acquisitions in recent years. The company said it was unaware of any impact of the attack on Orion on Remote Monitoring and Management (RMM), N-Central and its related SolarWinds MSP products.

SolarWinds of Austin, Texas last week named Pulse Secure’s Sudhakar Ramakrishna as the next CEO and has been considering a spin-off of its MSP tools business for months. SolarWinds said its technology is used by the Pentagon, all five branches of the U.S. military, State Department, NASA, NSA, Postal Service, National Oceanic Atmospheric Administration, Department of Justice, and the Office of the President of the United States.

“The United States government is aware of these reports and we are taking all necessary steps to identify and correct possible problems related to this situation,” said John Ullyot, spokesman for the National Security Council, to the Washington Post.

FireEye shockingly announced Tuesday that it had suffered a security breach in an allegedly state-sponsored attack to gain intelligence on some of the company’s government customers. The attacker was able to access some of FireEye’s internal systems but did not appear to have exfiltrated data from the company’s primary systems that hold customer information, according to the threat intelligence provider.

However, the threat actor stole the FireEye Red Team’s security assessment tools, and FireEye said it was not certain whether the attacker plans to use the stolen tools themselves or to make them public. FireEye’s stock is down $1.69 (10.9 percent) to $13.83 per share since the hack was announced after the market closed on Tuesday.

The Washington Post reported on Sunday that the hackers working for the Russian intelligence agency, known as APT29, who attacked FireEye also compromised the Treasury and Commerce departments, as well as other U.S. government agencies. The breaches have been going on for months and may constitute an operation as significant as the State Department and White House hacks during the Obama years.

There are concerns within the U.S. Reuters reported on Sunday that the hackers targeting the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies. The hack is so serious that it led to a meeting of the National Security Council in the White House on Saturday, according to Reuters.

APT29 also compromised the Democratic National Committee’s servers in 2015, but did not leak the hacked DNC material. Instead, the Russian military espionage agency GRU hacked the DNC separately and forwarded its 2016 emails to WikiLeaks, the Post said.

The Washington Post said APT29 is hacking and stealing secrets for traditional espionage purposes that can be useful for the Kremlin to understand the plans and motives of politicians and policy makers. According to The Post, group members have stolen trade secrets, hacked foreign ministries and, more recently, attempted to steal coronavirus vaccine research.

Ref: https://www.crn.com
