SolarWinds suffers massive supply chain attack

The Austin-based software company SolarWinds has fallen victim to a massive supply chain attack believed to be the work of state-sponsored hackers.

According to a new blog post from the cybersecurity firm FireEye, the attackers breached the software provider and then deployed updates for Solarwinds' Orion software that were filled with malware in order to infect the networks of organizations as well as multiple government agencies in the US. 

The latest updates on the supply chain attack come after multiple news outlets reported on Sunday that the US treasury and commerce departments had been hit with a cyberattack.

While sources that spoke with the Washington Post credited the Russian-based hacking group APT29 or Cozy Bear with the attack, FireEye instead gave the group the code name of UNC2452 until it could be proven that APT29 really was responsible.

Microsoft also confirmed that SolarWinds had fallen victim to a cyberattack in a series of security alerts privately sent out to its customers on Sunday.

Using updates to deploy malware

In a security advisory sent out late on Sunday, SolarWinds admitted that its Orion software platform was breached in a targeted attack, saying:

“SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”

FirEye has named the malware deployed in SolarWinds' Orion updates Sunburst while Microsoft has given it the name Solorigate and added detection rules to its antivirus software. The cybersecurity firm also published a technical report as well as a set of detection rules on GitHub.

SolarWinds plans to release a new update (2020.2.1 HF 2) on Tuesday that “replaces the compromised component and provides several additional security enhancements”.

Via ZDNet



from TechRadar - All the latest technology news https://ift.tt/3ac5OSP