SolarWinds Orion hack: Pentagon, White House and US army impacted
Communications at the US treasury and commerce departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks.
According to Reuters, which broke the news on Sunday, hackers believed to be working for Russia have been monitoring internal email traffic at the US treasury and commerce departments. Reuters reported that the hackers managed to hide malicious code in a software update for a tool called Orion, which is typically used to make IT simpler with a single panel for administering various parts of a network.
Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020, which provided them with a strong foothold for future hacking.
SolarWinds is a publicly listed company based in Austin, Texas, with a value of over $6 billion. According to the company, it has over 300,000 customers, including more than 425 of the US Fortune 500, all ten of the top 10 US telecommunications companies, all five branches of the US military, all five of the top five US accounting firms, the Pentagon, the State Department, the National Security Agency, the department of justice and the White House.
The Pentagon is the biggest customer, with the army and the navy being big users. The department of veterans affairs, which is heavily involved in the US response to Covid-19, is another Orion customer and the biggest spender on the tool in recent years. The National Institutes of Health, DHS and the FBI are also amongst the many branches of the US government that have previously bought the tool.
The immediate impact of the revelations is expected to be purely operational, as the Cybersecurity and Infrastructure Security Agency (CISA) has recommended that government civilian agencies stop using SolarWinds Orion. “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks. Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation,” CISA’s acting director Brandon Wales said.
This is the fifth emergency directive issued by CISA under the authorities granted by Congress in the cybersecurity act of 2015.