More details are emerging regarding the Solarwinds Cyber Attack; named Sunburst.
Sunburst involved the insertion of malicious code into Orion, giving the attacker the ability to obtain elevated credentials on the network they have a foothold in, which in turn means they can gain access to data and largely do as they please. The backdoor seems to have been distributed via legitimate automatic update platforms since March 2020.
It appears to affect SolarWinds’ Orion Platform software builds for versions 2019.4 HF 5 and 2020.2 with no hotfix, or 2020.2 HF 1. The current advice involves isolating machines running solarwinds if they are running the affected versions of Orion and ensuring the appropriate hotfixes are applied.
A full list is available from the Solarwinds website and Microsoft have also shared guidance on the matter.
About the Author: Mike Starnes
Mike has worked in the IT Industry for over 20 years. If he's not talking technology, he'll be reading, playing football or trying to embarrass his daughters.