
Austin-Made Software At Center Of U.S. Government Cyberattack

SolarWinds confirmed its technology management software used by the U.S. Department of Commerce and other federal agencies was breached.

AUSTIN, TX — Austin-based SolarWinds on Sunday confirmed its technology management software was attacked with malware that enabled hackers to access federal treasury and commerce departments' networks.

Company officials said in a statement that the company was aware of the vulnerability related to updates of its Orion technology management software released between March and June. "SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 through 2020.2.1, released between March 2020 and June 2020," the company acknowledged in a late Sunday security advisory.

"We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack," the SolarWinds statement continued.


The U.S. Department of Commerce confirmed to CNN it had been the victim of a data breach in an attack believed to be linked to Russia. "We can confirm there has been a breach in one of our bureaus," agency officials told the news network. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) also confirmed the data breach. "We have asked CISA and the FBI to investigate, and we cannot comment further at this time," commerce department officials told CNN.

Reuters and other news outlets reported the U.S. Department of the Treasury and the Department of Homeland Security itself were also attacked, with a software update as the pathway. Christopher Bing of Reuters, who broke the story, noted the breach occurred less than a month after Donald Trump fired the head of CISA.


Department of Homeland Security Assistant Secretary for Public Affairs Alexei Woltornist issued a statement on Monday in response to reports on the breach: "The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response," Woltornist said. "As the federal lead for cyber breaches of civilian federal agencies, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has already issued Emergency Directive 21-01 to the federal government to address compromises related to SolarWinds. As further remedies to these vulnerabilities are available, CISA will update the public at www.cisa.gov."

Woltornist urged anyone with further information related to cyber breaches to contact CISA at central@cisa.gov.

Local IT company SolarWinds serves government customers across the executive branch as well as intelligence and military services, according to reports. Known in IT nomenclature as a "supply chain attack," the breach works by hiding malicious code in the body of legitimate software updates that third parties provide to targets, as explained by Reuters.

SolarWinds outlined guidance for clients using its Orion Platform:

  • "We are recommending you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal."
  • "If you aren't sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here."
  • "If you cannot upgrade immediately, please follow the guidelines available here for securing your Orion Platform instance. The primary mitigation steps include having your Orion Platform installed behind firewalls, disabling internet access for the Orion Platform, and limiting the ports and connections to only what is necessary."
  • "An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements."

All told, fewer than 18,000 SolarWinds users have the vulnerable software, Reuters reported.

The Austin-based software firm reiterated its commitment to security and trust in light of the breach while vowing to continually update customers on further developments.

"Security and trust in our software is the foundation of our commitment to our customers," the company wrote in its security advisory. "We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security process, procedures and standards designed to protect our customers."

Customers with further questions ahead of the software firm's next update are urged to contact Customer Support by calling 1-866-530-8040 or via swisupport@solarwinds.com.

SolarWinds operates its headquarters at 7171 Southwest Parkway.
