As we previously posted, SolarWinds Orion, a tool used by many IT Managed Service Providers (MSPs) in the asset management industry, was compromised by a nation state.
This is a REALLY BIG issue that will take months (or even longer) to figure out, as SolarWinds is one of the largest vendors supporting IT systems. SolarWinds has over 330k customers, of which they believe ~18k were affected (which is huge). Our experience with initial notifications is that the incident probably involves many more than the 18k customers initially identified.
However, the so-called “good news” at this point is that the attacker is believed to be a nation state (probably Russia). This is good news for the asset management industry because of how we look at the threat, which is based on MOTIVATION. In this instance, we believe the motivation is primarily nationalistic and not driven by financial gain. Meaning: US Government agencies beware, as you are the primary focus. Still, it is scary how very little is known right now. With that said, we suggest you ask your IT MSP or IT department the following questions:
- Do you use SolarWinds to manage our systems, and if so, do you use “Orion”?
- If you do use Orion, what steps have you taken to remediate the known issues?
For more information related to this notice, please see the updated SolarWinds advisory here.
If you need assistance in performing a forensic investigation or if you have further questions, BW Cyber Services’ Digital Forensics and Incident Response team can help. For more information on how we can assist, please contact us at firstname.lastname@example.org.