Last week, a large and expertly run espionage operation was made public - one that began no later than October 2019, and which had been actively exploiting victims since at least early 2020.

This incident is particularly interesting for several reasons: for the breadth of sensitive global government and industry targets, for the misuse of a trusted product’s software supply chain, and for the techniques used to circumvent internal controls and maintain persistent access without raising alarms.

First, and most importantly, we feel deeply for the incident responders, PR teams, security and technology professionals, attorneys, law enforcement, and others who will be dealing with investigations into their own systems as a result of these revelations instead of enjoying the holidays after a tough year. HugOps to all of you working hard to understand what happened and to clean it up!

What follows is our perspective on what happened based on the facts available so far, with some recommendations on what to focus on, and what not to lose focus of, as the dust settles.

## What Happened?

FireEye reportedly discovered this campaign while investigating a breach of their own network, and determined that it originated from an attacker-modified version of SolarWinds’ Orion product. They were far from the only ones impacted.

SolarWinds Orion is a network monitoring and management tool that is widely used to understand and control the complexity of heterogeneous environments. It needs broad and privileged access to function properly, and this makes it a great vehicle for gaining access to many environments. To better illustrate this level of network access, we’ve outlined the scenario in a diagram below. Orion is represented by the system on the left, and on the right it is accessing cloud services, routers, workstations, software-as-a-service offerings, and many other things an organization depends upon.

SolarWinds reported to the SEC that more than 18,000 Orion customers received the same infected update. While almost two thousand unique command and control domains are known for this malware, only a small percentage of organizations are confirmed to be impacted so far.

So far, little information is available about how SolarWinds came to be compromised, but we expect that to change over time. What we do have are details about how Orion came to have malicious code inserted.

A software supply chain consists of all the people, systems, and code that go into making and distributing or operating a product, application, or service.

The version of Orion containing the malicious payload came with a valid signature from SolarWinds’ software signing keys, and according to SolarWinds, the illicit modification happened in their software build system and was not visible in their source code.