The recent hack against FireEye and the U.S. Treasury and Commerce Department also affected SolarWinds software used by other clients, not only the U.S. government. SolarWinds has confirmed that a cyberattack on its systems inserted a vulnerability into the SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1 (see the SolarWinds Advisory if you are unsure which version you use). If your organization uses these products, prompt action may be needed to identify and mitigate potential security implications. Some SolarWinds customers have already received notice directly from SolarWinds that the products their organization uses were not affected by the incident and that no action is required. Otherwise, we recommend the following mitigation steps, along with a review of the advisories from SolarWinds and FireEye, also provided below:

  1. Disconnect from the internet all Orion products running versions 2019.4 HF 5, 2020.2 with no hotfix, or 2020.2 HF 1, and update them as noted in the SolarWinds security advisory
  2. Identify and block all traffic to and from external sources where Orion software is installed
  3. Remove exemptions for Orion software file directories in your organization’s antivirus software and scan your systems
  4. Identify threat-actor-controlled accounts and remove those accounts
  5. Continue monitoring systems for other suspicious activity and read updated advisories as more information about the attacks is discovered and released
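
Step 2 as an added example, not code from SolarWinds, FireEye or this advisory: a Python check that reads flow records and reports traffic between Orion hosts and addresses outside the organization's networks, reading "external sources" that way. The host list, the internal range, the CSV layout and the flow records are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions for illustration: replace with your own inventory and ranges.
ORION_HOSTS = {"10.20.0.15", "10.20.0.16"}            # hosts with Orion installed
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # the organization's networks

# Constructed flow records (documentation addresses), not real log data.
SAMPLE_FLOWS = """\
src,dst,dport,action
10.20.0.15,10.20.4.8,161,allow
10.20.0.15,203.0.113.40,443,allow
198.51.100.7,10.20.0.16,8443,allow
10.20.0.16,192.0.2.99,443,deny
10.20.3.3,203.0.113.40,443,allow
"""

def is_external(addr):
    """True when addr lies outside every internal network."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def orion_external_flows(flow_csv, orion_hosts=ORION_HOSTS):
    """Return flows with an Orion host on one side and an external peer on the other."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = row["src"].strip(), row["dst"].strip()
        if src in orion_hosts and is_external(dst):
            host, peer, direction = src, dst, "outbound"
        elif dst in orion_hosts and is_external(src):
            host, peer, direction = dst, src, "inbound"
        else:
            continue  # internal-only traffic, or no Orion host involved
        hits.append({"host": host, "peer": peer, "direction": direction,
                     "dport": int(row["dport"]),
                     "allowed": row["action"].strip().lower() == "allow"})
    return hits

def unblocked_peers(hits):
    """External peers whose traffic with an Orion host is still being allowed."""
    return sorted({h["peer"] for h in hits if h["allowed"]})

if __name__ == "__main__":
    hits = orion_external_flows(SAMPLE_FLOWS)
    for h in hits:
        print(h)
    print("block rule still missing for:", unblocked_peers(hits))
```

Any peer returned by `unblocked_peers` shows that the block in step 2 is not yet complete for that Orion host.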

SolarWinds and FireEye advisories: