You are subscribed to National Cyber Awareness System Current Activity for
Cybersecurity and Infrastructure Security Agency. This information has recently
been updated, and is now available.
12/23/2020 12:55 PM EST
release date: December 23, 2020
CISA is tracking a known compromise involving SolarWinds Orion products that
are currently being exploited by a malicious actor. An advanced persistent
threat (APT) actor is responsible for compromising the SolarWinds Orion
software supply chain, as well as widespread abuse of commonly used
authentication mechanisms. If left unchecked, this threat actor has the
resources, patience, and expertise to resist eviction from compromised networks
and continue to hold affected organizations at risk.
In response to this threat, CISA has issued CISA Insights: What
Every Leader Needs to Know About the Ongoing APT Cyber Activity. This CISA
Insights provides information to leaders on the known risk to organizations and
actions that they can take to prioritize measures to identify and address these
CISA has also created a new Supply
Chain Compromise webpage to consolidate the many resources—including Emergency
Directive (ED) 21-01 and Activity Alert AA20-352A:
Advanced Persistent Threat Compromise of Government Agencies, Critical
Infrastructure, and Private Sector Organizations—that we have released on
this compromise. CISA will update the webpage to include partner resources that
are of value to the cyber community.