In mid-December, SolarWinds suffered a highly sophisticated cyberattack that caused public concern. The company is a leading vendor of IT monitoring and management software. This was a supply chain attack: the attackers trojanized SolarWinds Orion business software updates in order to distribute malware, and the trojanized updates gave them backdoor access to victims. In this way the attackers gained access to organizations worldwide, including the US Finance, Trade and Energy Departments, the US National Security Agency, the National Nuclear Security Administration and several State Department networks.
Suspecting a massive cyber espionage campaign financed by a foreign government, the US Cybersecurity and Infrastructure Security Agency (CISA) published an Emergency Directive with instructions to Mitigate SolarWinds Orion Code Compromise.
So far, around 18,000 users are confirmed to have installed the infected updates.
SolarWinds published a Security Advisory urging users of Orion Platform v2020.2 with no hotfix, or with 2020.2 HF 1, to upgrade immediately to Orion Platform version 2020.2.1 HF 2, and users of Orion Platform v2019.4 HF 5 to upgrade immediately to Orion Platform 2019.4 HF 6.
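The advisory above maps specific installed versions to a required upgrade, and the hotfix naming ("2020.2 HF 1" versus "2020.2.1 HF 2") makes naive string comparison unreliable when triaging an inventory. The following is an added example, not code from SolarWinds or from the original article: it parses Orion-style version strings into comparable tuples and classifies each host against the versions quoted in the advisory. The version-string grammar, the ordering rule (hotfix number ranks below a point release), the host names and the inventory are all constructed assumptions for illustration.

```python
import re
from typing import List, Optional, Tuple

# Assumed grammar for Orion version strings: YEAR.MINOR[.PATCH][ HF N]
# (an assumption for this example, not a documented SolarWinds format).
VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)

# Affected versions and required upgrades exactly as stated in the advisory
# summarised in the text above. Train = (year, minor) component.
REMEDIATION = [
    ((2019, 4), {"2019.4 HF 5"}, "2019.4 HF 6"),
    ((2020, 2), {"2020.2", "2020.2 HF 1"}, "2020.2.1 HF 2"),
]


def parse_orion_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'YYYY.M[.P][ HF N]' into (year, minor, patch, hotfix).

    Missing patch/hotfix components count as 0, so a hotfix on the base
    release orders below the next point release (assumed ordering).
    """
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    year, minor, patch, hotfix = match.groups()
    return (int(year), int(minor), int(patch or 0), int(hotfix or 0))


def triage(installed: str) -> Tuple[str, Optional[str]]:
    """Classify an installed version against the advisory.

    Returns (status, target) where status is one of:
      'upgrade'  - version is explicitly named as affected; target is the fix
      'ok'       - version is at or above the fix for its train
      'review'   - same train, older than the fix, but not named in the advisory
      'unlisted' - train not covered by the advisory text
    """
    version = parse_orion_version(installed)
    for train, affected, fixed in REMEDIATION:
        if version[:2] != train:
            continue
        if version in {parse_orion_version(a) for a in affected}:
            return ("upgrade", fixed)
        if version >= parse_orion_version(fixed):
            return ("ok", fixed)
        return ("review", fixed)
    return ("unlisted", None)


# Constructed sample inventory (host, reported Orion version) for the demo.
SAMPLE_INVENTORY = [
    ("orion-01", "2020.2 HF 1"),
    ("orion-02", "2020.2.1 HF 2"),
    ("orion-03", "2019.4 HF 5"),
    ("orion-04", "2019.4 HF 6"),
    ("orion-05", "2018.4 HF 3"),
]


def hosts_needing_upgrade(
    inventory: List[Tuple[str, str]]
) -> List[Tuple[str, str, str]]:
    """Return (host, installed, required_upgrade) for every host the advisory
    explicitly tells to upgrade."""
    result = []
    for host, installed in inventory:
        status, target = triage(installed)
        if status == "upgrade":
            result.append((host, installed, target))
    return result


if __name__ == "__main__":
    for host, installed, target in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {installed} -> upgrade to {target}")
```

Hosts that come back as `review` or `unlisted` are deliberately not silently marked safe: the advisory names specific versions, so anything outside that list on an affected train should be checked against the vendor's current guidance rather than assumed clean.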
This attack was very sophisticated because the malicious software was installed through standard updates, published in March this year, and was identified by the security company FireEye only a couple of months later. Microsoft, itself a user of the products, also announced that the malware had been identified, successfully isolated and removed. No indicators of access to development services or user data have been found, nor any evidence that the company's products had been used to spread the malware further.
Recovery recommendations are highly demanding and require extraordinary expertise; more information is available here.
Useful links:
Microsoft-Cyberattacks-cybersecurity-solarwinds-fireeye