- #Solarwinds supply chain attack how to
- #Solarwinds supply chain attack update
- #Solarwinds supply chain attack software
Disconnecting affected devices, as described in Required Action 2 of the ED, is the only known mitigation measure currently available.
This tactic permits an attacker to gain access to network traffic management systems. Multiple versions of SolarWinds Orion are currently being exploited by malicious actors. On DecemCISA determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.
#Solarwinds supply chain attack update
On December 30, 2020, CISA released guidance to supplement the Emergency Directive (ED) 21-01 and Supplemental Guidance v1 issued on December 18, 2020.On January 6, 2021, CISA released supplemental guidance v3 that requires (1) agencies that ran affected versions conduct forensic analysis, (2) agencies that accept the risk of running SolarWinds Orion comply with certain hardening requirements, and (3) reporting by agency from department-level Chief Information Officers (CIOs) by Tuesday, January 19, and Monday, January 25, 2020.CISA Updates Supplemental Guidance on Emergency Directive 21-01.
#Solarwinds supply chain attack how to
The initial release of CHIRP scans for signs of APT compromise within an on-premises environment to detect indicators of compromise (IOCs) associated with CISA Alerts AA20-352A and AA21-008A.Ī demonstration video is available on CISA’s YouTube channel to help agencies and organizations understand how to use CHIRP. This capability was developed to assist network defenders with detecting advanced persistent threat (APT) activity related to the SolarWinds and Active Directory/M365 compromise. These resources provide information to help organizations detect and prevent this activity.ĬISA released the CISA Hunt and Incident Response Program (CHIRP), a forensics collection capability outlined in Activity Alert AA21-077A and available on CISA’s CHIRP GitHub repository. Pursuant to Presidential Policy Directive (PPD) 41, CISA, the Federal Bureau of Investigation (FBI) and the Office of the Director of National Intelligence (ODNI) have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident.ĬISA also remains in regular contact with public and private sector stakeholders and international partners, providing technical assistance upon request, and making information and resources available to help those affected to recover quickly from incidents related to this campaign.ĬISA encourages individuals and organizations to refer to the resources below for additional information on this compromise. CISA urges organizations to prioritize measures to identify and address this threat. This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked.
#Solarwinds supply chain attack software
An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms.