“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks. The immediate impact of the revelations is expected to be purely operational as Certified Information Systems Auditor (CISA) has recommended government civilian agencies to stop using SolarWinds Orion.
The National Institutes of Health, DHS and the FBI are also amongst the many branches of the US government that have previously bought the tool. The department of veterans affairs, which is heavily involved in the US response to Covid-19, is another Orion customer and the biggest spender on the tool in recent years. The Pentagon is the biggest customer, with the army and the navy being big users. According to the company, it has over 300,000 customers including more than 425 of the US Fortune 500 all ten of the top 10 US telecommunications companies, all five branches of the US military, all five of the top five US accounting firms, the Pentagon, the State Department, the National Security Agency, the department of justice and the White House.
SolarWinds, publicly-listed in Austin, is a Texas-based company with a value of over $6 billion. Reuters reported that the hackers managed to hide malicious code in a software update for a tool called Orion, which is typically used to make IT simpler with a single panel for administering various parts of a network.Įarlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020 which provided them with a strong foothold for future hacking. Communications at the US treasury and commerce departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.Īccording to Reuters, which broke the news on Sunday, hackers believed to be working for Russia have been monitoring internal email traffic at the US treasury and commerce departments.
0 kommentar(er)
