14 December 2020

SolarWinds admits product updates were subverted by nation state while FireEye warns exploit is rampant

SolarWinds' "Orion" IT monitoring platform has been compromised, and speculation is swirling that it was used in attacks on major US government agencies that could also be linked to last week's revelation that FireEye's top hacking tools have been accessed.

A statement from Kevin Thompson, SolarWinds president and CEO, said the company is "aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products."

"We believe that this vulnerability is the result of a highly sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time."

www.theregister.com


No comments:

Post a Comment