Following news of a recent cyberattack that saw SolarWinds systems affected, the below information has been provided to support the NHS with their response.
Recent as of December 17, 2020, 12:00pm CST – source SolarWinds website
SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. This attack was very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software. In this case, it appears that the code was intended to be used in a targeted way as its exploitation requires manual intervention. We’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker.
The Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) issued Emergency Directive 21-01 regarding the SUNBURST vulnerability on December 13, 2020. CERT issued Alert (AA20-352A), titled Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, as an update to ED 21-01 on December 17, 2020, based on our coordination with the agency.
A Frequently Asked Questions (FAQ) page is available here, and we intend to update this page as we learn more information.
First, we want to assure you we’ve removed the software builds known to be affected by SUNBURST from our download sites.
We recommend taking the following steps related to your use of the SolarWinds Orion Platform.