- SolarWinds Orion trojan / supply-chain compromise
Re: SolarWinds Orion trojan / supply-chain compromise
toggle quoted messageShow quoted text
The FireEye statement seems in direct contradiction to SolarWinds' assertion of narrow scope:
- The campaign is widespread, affecting public and private organizations around the world.
On Sun, Dec 13, 2020 at 7:18 PM Royce Williams <royce@...
Appears to have been targeted, but not sure what orgs might have been targeted.
SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack. We recommend taking the following steps related to your use of the SolarWinds Orion Platform.
We are recommending you upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of your environment. The latest version is available in the SolarWinds Customer Portal.
Join email@example.com to automatically receive all group messages.