Supply Chain Council of European Union | Scceu.org

Spreading effects of SolarWinds software supply chain compromise. The security effects of remote work.

SolarWinds, in an 8-K filed with the US Securities and Exchange Commission yesterday, says that some thirty-three thousand customers had potentially been exposed by vulnerabilities in its Orion platform, but that it believed “the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” still a disturbingly large number. The company expects to make a patch available today.

It’s not entirely clear how the spies, presumably Russia’s SVR, obtained access to SolarWinds and thus to the software supply chain, but ZDNet reports that a compromise of the company’s Microsoft Office 365 email and office productivity accounts may have provided a point of entry.

Bloomberg reports that FireEye found the SolarWinds compromise in the course of investigating the breach of its own red-teaming tools. They found Cozy Bear’s Sunburst backdoor and disclosed its existence to both SolarWinds and law enforcement. Volexity says this incident is connected to a 2019 campaign against think tanks.

CISA issued Emergency Directive 21-01 late Sunday; Lawfare has a quick account of what that directive meant for US Federal organizations and many of their contractors. The Washington Post reports that five major US agencies—the Departments of State, Homeland Security, Commerce, and the Treasury, and the National Institutes of Health—are known to have been affected.

Consensus holds that the effects of the cyberespionage will continue to spread. The Telegraph reports that GCHQ is investigating the potential impact of the incident on the UK.
