The U.S. Cybersecurity and Infrastructure Security Agency on Dec. 13 issued a rare emergency directive requiring all federal civilian agencies to review their networks and immediately disconnect Orion software products produced by Austin, Texas-based IT group SolarWinds.
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, Reuters reported on Dec. 13 citing people familiar with the matter. Russia denied any involvement. Cyber spies may have tampered with updates released by SolarWinds, according to a Dec. 13 research report from FireEye, a cybersecurity group which on Dec. 8 revealed that it had itself been targeted. The trick, often referred to as a supply-chain attack, works by hiding malicious code in the body of legitimate software updates. FireEye said intrusions could have occurred as early as spring 2020.
SolarWinds said the attack was “likely conducted by an outside nation state” and that it was probably targeted and manually executed rather than system-wide. The company says on its website that customers include all five branches of the U.S. military, the Pentagon and the State Department as well as more than 425 of the Fortune 500 list of top American companies and the five largest U.S. accounting firms.