This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hackers getting in via NPM maybe

https://www.google.com/amp/s/www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html%3foutputType=amp

Top Replies

danielleh over 2 years ago +6 verified

SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at solarwinds.com/securityadvisory.
ellard over 2 years ago in reply to rharland2012 +5

Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the…
foonly over 2 years ago +4

I cannot keep searching these forums for latest info. As of this writing, the link at: https://www.solarwinds.com/securityadvisory is undated and has no time stamp indicating that it is the latest info…

Parents

0 familyofcrowes over 2 years ago

Anyone know anything about this?
Rumors a patch may be coming concerning this
Cancel
Vote Up 0 Vote Down

Cancel
0 rharland2012 over 2 years ago in reply to familyofcrowes

I'm kind of astounded that no official message - even just of acknowledgement - has been sent by Solarwinds to customers. Also, what rumors are you referring to? I haven't even seen an official list of affected products/versions. The article seems to indicate that something was piggybacked on update requests during a certain timeframe. Without more info, it's hard to do anything more refined than shut down the platform or remove all write privilege to service accounts.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 rharland2012 over 2 years ago in reply to familyofcrowes

I'm kind of astounded that no official message - even just of acknowledgement - has been sent by Solarwinds to customers. Also, what rumors are you referring to? I haven't even seen an official list of affected products/versions. The article seems to indicate that something was piggybacked on update requests during a certain timeframe. Without more info, it's hard to do anything more refined than shut down the platform or remove all write privilege to service accounts.
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 ellard over 2 years ago in reply to rharland2012

Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the Developers early. The updated .dll will be in the forthcoming patches.
Cancel
Vote Up +5 Vote Down

Cancel
0 ellard over 2 years ago in reply to ellard
Per Support:
We have just been made aware that our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 through 2020.2.1.

If customers ask for an ETA when the vulnerability will be resolved, please use the info below to set expectations with them.
2020.2 Hotfix 2 will be available on Tuesday, Dec 15th
2019.4 Hotfix 6 will be available on Monday, Dec 14th
Customers needing an immediate fix for 2019.4 Hotfix 5 can install a DLL provided by Engineering (more info about this from Engineering to come)
----------------------------------------------------------------------------------------------

As per our discussion this was the said date it will be release for the vulnerability fixed.
For the immediate fixed we are still waiting for the official announcement from the Engineering regarding full details.
Cancel
Vote Up 0 Vote Down

Cancel
0 riffster over 2 years ago in reply to ellard

Called Solarwinds support and the staff member answering the Tech Support line pretty much what is said here - two versions of the Orion Platform are impacted by the hack - 2019.4 and 2020.2. Earlier versions are not impacted. They also stated fixes are due out very soon - believe it was two or three at most.
Cancel
Vote Up 0 Vote Down

Cancel
0 riffster over 2 years ago in reply to riffster

Correction - the prior poster was spot on about patches coming out on 12/14 and 12/15.
Cancel
Vote Up 0 Vote Down

Cancel
0 dmueller_fanatics.com over 2 years ago in reply to riffster

As there's not been any official information published, I will be reaching out out to our SW Rep in the morning for details.
Cancel
Vote Up 0 Vote Down

Cancel
0 mlill9098 over 2 years ago in reply to dmueller_fanatics.com

Here is some more detailed information around the hack from fireeye site.
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Cancel
Vote Up +1 Vote Down

Cancel