CRITICAL Advisory: Active Exploitation of SolarWinds Orion Software Observed in the Wild
SolarWinds has identified highly sophisticated, manual exploitation of versions 2019.4 to 2020.2.1 of SolarWinds Orion products. The attack is extremely targeted and manually executed, and was likely performed by a nation state.
The threat actor primarily leverages malware commonly known as SUNBURST to conduct a global supply-chain attack against the SolarWinds Orion platform.
The malware is highly sophisticated and can transfer and execute files, profile systems, reboot machines, and disable security services. It can also obfuscate itself to avoid detection.
Both SolarWinds and CISA strongly suggest that organizations using SolarWinds Orion verify the version they're running and upgrade immediately if required.
Information from SolarWinds on the vulnerability:
For a more technical overview: