This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hackers getting in via NPM maybe

https://www.google.com/amp/s/www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html%3foutputType=amp

Top Replies

danielleh over 2 years ago +6 verified

SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at solarwinds.com/securityadvisory.
ellard over 2 years ago in reply to rharland2012 +5

Just logged a ticket with support. They indicate patches for 2019 and 2020 are coming 12/14 and 12/15 respectively. No other remediation steps available other than getting an updated .dll file from the…
foonly over 2 years ago +4

I cannot keep searching these forums for latest info. As of this writing, the link at: https://www.solarwinds.com/securityadvisory is undated and has no time stamp indicating that it is the latest info…

0 mlill9098 over 2 years ago in reply to dmueller_fanatics.com

Here is some more detailed information around the hack from fireeye site.
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Cancel
Vote Up +1 Vote Down

Cancel
0 ahbrook over 2 years ago

We decided to not take any chances with our information.
I will note that the security advisory got caught in our junk mail folders, so I HIGHLY recommend checking there. We got ours at 20:35 CST, after we'd started our own internal incident response.
Cancel
Vote Up +1 Vote Down

Cancel
0 tinmann0715 over 2 years ago

This has me very concerned. I would expect an email whether I was impacted or not...
Cancel
Vote Up +2 Vote Down

Cancel
0 johnsonmd over 2 years ago

Went to my junk folder as well! I am not running an affected version.
Cancel
Vote Up 0 Vote Down

Cancel
0 danielleh over 2 years ago

SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at solarwinds.com/securityadvisory.
Cancel
Vote Up +6 Vote Down

Cancel
0 jvoss over 2 years ago in reply to superfly

There is a page with more details on affect area's and patching expected the 15th:
https://www.solarwinds.com/securityadvisory
Cancel
Vote Up 0 Vote Down

Cancel
0 mwb over 2 years ago in reply to superfly

2019.4 is listed as affected
Cancel
Vote Up 0 Vote Down

Cancel
0 sturdyerde over 2 years ago

Every SolarWinds Orion user should read the following two links and follow through with their systems immediately.
https://www.solarwinds.com/securityadvisory
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
danielleh, thanks for your prompt reply already. It would be great to see a pinned post or hero banner for everyone who logs into Thwack. Our thoughts are with everyone at SolarWinds and customers who will be scrambling on this one!
Cancel
Vote Up 0 Vote Down

Cancel
0 Seashore over 2 years ago

Windows Defender from 2020-12-12 seem to protects from this threat: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/Solorigate.C!dha&ThreatID=2147771132
Cancel
Vote Up +1 Vote Down

Cancel
0 janobi over 2 years ago

Not sure why people are linking to the fireeye hack. They had their internal systems compromised, and their red team tools stolen. Which are basically open source tools, readily available. They're also using known exploits and no 0days.
From what I know of the Orion hack, this is a supply chain hack, so their FTP or similar has been compromised, and their code replaced with additional code. Seems the US government was the target, as they've advised two departments have been compromised.
This is concerning either way, especially as it seems this hack has been present for quite some time. And I would've expected a company the size of SolarWinds to be having pentests regularly to find these issues.
Cancel
Vote Up 0 Vote Down

Cancel