SolarWinds is an Austin Texas based company that makes a lot of tools used by IT departments the world over. Their all-in-one monitoring suite known as Orion has been the victim of a supply chain attack. In what experts are calling a Nation State funded hack, updates to the software over the last several months were spiked with malicious code.
If your organization is running an infected edition, external entities may be able to gain full administrative access to your systems remotely. As with any event of this type, certain environmental conditions must be true for the access to be allowed. SolarWinds is recommending an immediate upgrade to the newest version and are aiming to release an additional hotfix on Tuesday December 15th. Review the SolarWinds page on the subject for new announcements, updates, and instructions. Security Advisory | SolarWinds.
Check your versions and spread the word. SolarWinds reportedly has as many as 300,000 Orion customers. FireEye, the security firm that discovered the hack, as a well as SolarWinds themselves, and several government agencies are attempting to notify as many as possible.