ACSC warns of SolarWinds Orion compromise


By Dylan Bushell-Embling
Thursday, 17 December, 2020

ACSC warns of SolarWinds Orion compromise

The Australian Cyber Security Centre has issued a threat alert related to a global intrusion campaign as a result of updates to SolarWinds Orion network monitoring and management software.

The attack campaign, first identified by FireEye, involves a backdoor allegedly inserted in the downloads page for SolarWinds' Orion Windows monitoring platform.

According to the FireEye advisory, attackers have gained access to numerous public and private organisations around the world via trojanised updates to the software in a campaign which appears to have begun as early as the northern hemisphere's Spring 2020.

Investigations have discovered the use of a previously unseen memory-only dropper FireEye has named Teardrop to deploy the Cobalt Strike Beacon malware on compromised systems.

SolarWinds has confirmed the company has been made aware of a vulnerability, which the company said it believes is the result of a sophisticated, targeted attack by a nation state. Reports indicate that the attack may have been carried out by the notorious Russian hacking group Cozy Bear.

The ACSC is urging organisations running SolarWinds Orion software to follow the advice of FireEye and SolarWinds, which includes applying a new patch or ensuring Orion servers are isolated by limiting the ports and connections to only what is necessary, and disabling internet access to Orion servers.

In its own advisory, the US Department of Homeland Security has directed US agencies to go further and forensically image system memory and/or host operating systems hosting all instances of the compromised software, analyse stored network traffic for indications of compromise and immediately disconnect or power down all unpatched compromised versions from their network.

Image credit: ©stock.adobe.com/au/monsitj

Related News

New ASX entrants failing to detail cyber efforts

RSM Australia has warned that newly listed ASX companies are failing to detail their cyber...

archTIS wins $7m Defence contract

The Department of Defence has handed archTIS a $7m contract to allow it to expand its existing...

archTIS adds watermarking feature to NC Protect

archTIS has added a new capability within its NC Protect secure collaboration platform to help US...


  • All content Copyright ¬© 2022 Westwick-Farrow Pty Ltd