Key government departments in the US have been targeted in a major cyberespionage campaign.
The suspected state-sponsored attacks were directed at the networks of the treasury, commerce and homeland security departments.
Federal civilian agencies were told to disconnect from SolarWinds Orion following the breach by malicious actors.
Casey Ellis, the CTO, Founder and Chairman of Bugcrowd, said: “The breach of SolarWinds Orion’s code poses a major threat to the Federal Civilian Executive Branch agencies that were using its software, as well as the 425 Fortune companies in their client list, and many other organizations worldwide.
“Well-funded, talented, motivated nation-states exist as a crowd of potential adversaries with diverse skill sets, a variety of motivations and goals, and incentive to get results.
“A sufficiently motivated and resourced adversary will ultimately always achieve their goals, an army of allies stands ready to help raise the bar, increase the cost of an attack and route the adversary into places where they can be more easily detected.”
SolarWinds said all users of its Orion platform should upgrade immediately to address a security vulnerability.
A statement from the company said: “We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted and manually executed attack, as opposed to a broad, system-wide attack.”
You can read the full SolarWinds Security Advisory here.Click below to share this article