CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to National Cyber Awareness System Current Activity for
Cybersecurity and Infrastructure Security Agency. This information has recently
been updated, and is now available.

Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

12/23/2020 12:55 PM EST


release date: December 23, 2020

CISA is tracking a known compromise involving SolarWinds Orion products that
are currently being exploited by a malicious actor. An advanced persistent
threat (APT) actor is responsible for compromising the SolarWinds Orion
software supply chain, as well as widespread abuse of commonly used
authentication mechanisms. If left unchecked, this threat actor has the
resources, patience, and expertise to resist eviction from compromised networks
and continue to hold affected organizations at risk.

In response to this threat, CISA has issued CISA Insights: What
Every Leader Needs to Know About the Ongoing APT Cyber Activity
. This CISA
Insights provides information to leaders on the known risk to organizations and
actions that they can take to prioritize measures to identify and address these

CISA has also created a new Supply
Chain Compromise webpage
to consolidate the many resources—including Emergency
Directive (ED) 21-01
and Activity Alert AA20-352A:
Advanced Persistent Threat Compromise of Government Agencies, Critical
Infrastructure, and Private Sector Organizations
—that we have released on
this compromise. CISA will update the webpage to include partner resources that
are of value to the cyber community.

To read the latest CISA Insights, visit
For more information on the SolarWinds Orion software compromise, visit

This product is provided subject to this Notification
and this Privacy
& Use