What is solarwinds orion
SolarWinds said its technology is used by the Pentagon, all five branches of the U.S. The company said it isn’t aware of any impact to its remote monitoring and management (RMM), N-Central and associated SolarWinds MSP products from the attack on Orion.Īustin, Texas-based SolarWinds last week named Pulse Secure’s Sudhakar Ramakrishna as its next CEO, and has been examining a spin-out of its MSP tools business for months. The Orion platform supports SolarWinds’ traditional IT infrastructure management business and isn’t connected to the SolarWinds MSP business built through acquisitions in recent years. While hackers over the past two years have taken advantage of the tools MSPs rely on to manage customer IT systems, the tools utilized in this breach do not appear to be linked to SolarWinds’ MSP business. FireEye said it’s been working closely with SolarWinds, the Federal Bureau of Investigation, and other key partners.
The company said it’s been told the attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, though no specific country was named.Ī FireEye blog post states that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software, but didn’t disclose the identity of any of the victims.
#WHAT IS SOLARWINDS ORION MANUAL#
IT infrastructure mangement vendor SolarWinds disclosed Sunday that it experienced a highly sophisticated, manual supply chain attack on versions of its Orion network monitoring product released between March and June of this year. It is unclear whether a breach last week of security vendor FireEye was also linked to SolarWinds. Commerce Departments were breached through SolarWinds as part of a Russian government campaign, The Washington Post reported.
The directive instructs the all agencies operating SolarWinds products to report that they have completed the shutdown by noon ET Monday.ĬISA issued the directive following a report that the SolarWinds Orion IT management tool had been used to hack several federal agencies. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners-in the public and private sectors-to assess their exposure to this compromise and to secure their networks against any exploitation.” “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales in the directive. “This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.” government late Sunday night called on all federal civilian agencies to power down SolarWinds Orion products immediately because they are being used as part of an active security exploit.Īn emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) comes “in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors,” according to the notice.