Customer Update: SolarWinds Orion Compromise

As you all know, FireEye recently uncovered that multiple commercial and government organizations were infiltrated by cyber threat actors via exploitation of the SolarWinds Orion software. FireEye, Microsoft and the FBI continue to investigate this incident and publish updated information regarding the exploitation.

This is a rapidly evolving situation, and new information comes to light regularly.

We are monitoring the news and will continue to keep our customers informed. In the meantime, it is important to remain calm and maintain regular operations to keep your business thriving. No organization is entirely invulnerable to cyber threats, but the ability to fight through an incident and maintain business continuity is key.

FireEye has been the quintessential example of cyber resiliency. This more mature approach to fighting through the type of advanced threat scenario that has been reported was only recently published as a standard by the National Institute of Standards and Technology (NIST) in their Special Publication 800-160 Volume 2: Developing Cyber Resilient Systems.

12/18/2020

What’s in the News

Microsoft is now reaching out to customers who might be targets of a specific compromise. If you are contacted and seek further assistance, our team of cyber operations experts is standing by to help you.

Both FireEye and Microsoft are incorporating what they learn into their tools as fast as they can to mitigate the effects of this incident, and Ardalyst continues to monitor updates from both companies as well as our customers’ systems. If we find any evidence of potential exploitation, we will immediately inform you and take mitigating action.

Our Recommendations

If you are using any SolarWinds Orion products, we highly recommend that you disconnect or power them down until further notice, in accordance with CISA Emergency Directive 21-01.

If you are not currently a monitored customer and would like to discuss implementing monitored service with us, please call 833-682-8270 so we can get started as soon as possible.

Resources

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers – Microsoft Security

CISA Emergency Directive 21-01

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Unauthorized Access of FireEye Red Team Tools
