The Cybersecurity and
Infrastructure Security Agency (CISA) is aware of active exploitation of a
vulnerability in SolarWinds Orion Platform software versions 2019.4 through
2020.2.1, which was released between March 2020 through June 2020.
In response CISA has published an urgent Current Activity Alert “Active Exploitation of SolarWinds
Software“ which can be found at:
https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software
and Emergency Directive 21-01, “Mitigate
SolarWinds Orion Code Compromise,” directed at Federal
Civilian Agencies, further emphasizing the urgency of this
Alert: https://cyber.dhs.gov/ed/21-01/
CISA encourages affected organizations to read the SolarWinds and
FireEye advisories for more information and FireEye’s GitHub
page for detection countermeasures:
SolarWinds Security Advisory
- FireEye
Advisory: Highly Evasive Attacker Leverages SolarWinds Supply Chain to
Compromise Multiple Global Victims With SUNBURST Backdoor - FireEye
GitHub page: Sunburst Countermeasures
We kindly request any
questions, feedback, or related incidents related to this product be reported
to CISA at Central@cisa.gov or
888-282-0870.