As you’ve likely seen reported, SolarWinds discovered a supply chain attack compromising their Orion business software updates that distributed malware known as SUNBURST. The malware permits an attacker to gain access to network traffic management systems, and the attacker can leverage this to gain elevated credentials. This compromise was used to target the cybersecurity firm FireEye, as well as multiple U.S. government agencies. For more information on the details of the breach, please see the advisory from the Cybersecurity & Infrastructure Security Agency.
NXTSoft (ThreatAdvice) does not use any SolarWinds or FireEye products internally. However, we are following the developments of this news closely on behalf of our clients. The security of our products, our partners, and our client data is of critical importance, and while we have no evidence to suggest that any of our systems are involved or impacted, below are the following actions we are proactively taking while this cyber event unfolds:
- Our Security Operations Center (SOC) will continue to carefully monitor the situation. Regarding the SUNBURST malware, the SOC has taken actions to blacklist the known IOCs related to the compromised files globally on our SentinelOne consoles. If you are not utilizing this valuable EDR, please contact us today!
- Although NXTSoft (ThreatAdvice) has not been affected by this event, we are considering the impacts to develop our own lessons learned and use it as an opportunity to assist our valued clients and potential prospects.
Recommendations for Customers/Partners:
If your organization utilizes SolarWinds, be sure to stay current on the recommendations and hotfixes from SolarWinds directly. Review their Security Advisory page for updated information fixes.
As always, if you ever see anything that you suspect may be malicious or fraudulent activity within your environment, please report them immediately to the ThreatAdvice Team.