Vulnerabilities appear to be related to systems updates.
Solar Winds, an IT company that runs network management systems and whose clients include the Department of Justice, the Census Bureau, the Department of Veterans Affairs, and other federal agencies say that cyber systems have been attacked. The Department of Homeland Security issued a government-wide directive to purge agency networks of potentially compromised servers after Treasury and Commerce Departments were found to be victims of a months-long cyberattack campaign.
The president and CEO of Solar Winds said in a statement, “We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products. We believe this vulnerability is the result of a highly sophisticated, targeted and manual supply chain attack by a nation state.”
The DHS wrote in the late-night directive, “CISA [the DHS’ Cybersecurity and Infrastructure Security Agency] has determined that this exploitation of Solar Winds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. CISA understands that the vendor is working to provide updated software patches. However, agencies must wait until CISA provides further guidance before using any forthcoming patches to reinstall the Solar Winds Orion software in their enterprises.”
CISA stated via Twitter, “We urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks.”
The Russian foreign intelligence service is suspected of orchestrating the attack, but Russia said the allegations against them were “unfounded attempts of the U.S. media to blame Russia.”
As the Lord Leads, Pray with Us…
- For the protection of America’s governmental agencies from cyberattacks, whoever is making them.
- For those who are trying to remedy attempts by nation-states and others to gather data or otherwise interfere with the operations of U.S. agencies.
- For the president’s administration as they seek to protect the U.S. from cybercrime.
Sources: Washington Examiner, National Review