Here is some more detailed information about the hack from the FireEye site.
Every SolarWinds Orion user should read the following two links and follow through with their systems immediately.
danielleh, thanks for your prompt reply already. It would be great to see a pinned post or hero banner for everyone who logs into Thwack. Our thoughts are with everyone at SolarWinds and customers who will be scrambling on this one!
Windows Defender from 2020-12-12 seems to protect from this threat: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Solorigate.C!dha&ThreatID=2147771132
Not sure why people are linking to the FireEye hack. They had their internal systems compromised, and their red team tools stolen, which are basically open source tools, readily available. They're also using known exploits and no 0days.
From what I know of the Orion hack, this is a supply chain hack, so their FTP or similar has been compromised, and their code replaced with additional code. Seems the US government was the target, as they've advised two departments have been compromised.
This is concerning either way, especially as it seems this hack has been present for quite some time. And I would've expected a company the size of SolarWinds to be having pentests regularly to find these issues.