![]() We swiftly released hotfix updates to impacted customers, regardless of their maintenance status, that we believe will close the vulnerability when implemented.The vulnerability was not evident in the Orion Platform products’ source code but appears to have been inserted during the Orion software build process.Also, while we are still investigating our non-Orion products, to date we have not seen evidence that they are impacted by SUNBURST. ![]() The vulnerability has only been identified in updates to the Orion Platform products delivered between March and June 2020, but our investigations are still ongoing. This particular intrusion is so targeted and complex that experts are referring to it as the SUNBURST attack. This was a highly sophisticated cyberattack on our systems that inserted a vulnerability within our Orion® Platform products.We are solely focused on our customers and the industry we serve. Our top priority has been to take all steps necessary to ensure that our and our customers’ environments are secure. We are taking extraordinary measures to accomplish this goal. We shared all of our proprietary code libraries that we believed to have been affected by SUNBURST to give security professionals the information they needed to do their research. We also have had numerous conversations with security professionals to further assist them in their research. We were very pleased and proud to hear that colleagues in the industry discovered a “killswitch” that will prevent the malicious code from being used to create a compromise. We have reached out and spoken to thousands of customers and partners in the past few days, and we will continue to be in constant communication with our customers and partners to provide timely information, answer questions and assist with upgrades. These updates were made available to all customers we believe to have been impacted, regardless of their current maintenance status. To accomplish that, we swiftly released hotfix updates to impacted customers that we believe will close the code vulnerability when implemented. We remain focused on addressing the needs of our customers, our partners, and the broader technology industry. Know that each of our 3,200 team members is united in our efforts to meet this challenge. Immediately after this call, we mobilized our incident response team and quickly shifted significant internal resources to investigate and remediate the vulnerability. While security professionals and other experts have attributed the attack to an outside nation-state, we have not independently verified the identity of the attacker. We soon discovered that we had been the victim of a malicious cyberattack that impacted our Orion Platform products as well as our internal systems. On Saturday, December 12, our CEO was advised by an executive at FireEye of a security vulnerability in our Orion Software Platform which was the result of a very sophisticated cyberattack on SolarWinds.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |