The US government called on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately as they are being exploited by malicious actors.
The Cybersecurity and Infrastructure Security Agency (CISA) late Sunday night issued Emergency Directive 21-01, as hackers broke into the networks of the US Treasury and Commerce departments via trojanized updates to SolarWinds’ Orion IT monitoring and management software.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
Global cybersecurity firm FireEye, which first flagged the hacking campaign, discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware it calls SUNBURST.
This campaign may have begun as early as Spring 2020 and is currently ongoing.
FireEye added that the campaign is widespread, affecting public and private organizations around the world.
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015.