The FBI, Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Director of National Intelligence issued a joint statement Wednesday night confirming that an investigation is underway into a hack of government networks.
Cybersecurity officials at Homeland Security ordered federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their networks.
Previously, officials said that the network was “compromised.”
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” CISA Acting Director Brandon Wales said earlier this week. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
On Wednesday, SolarWinds acknowledged the cyberattack.
“SolarWinds has been made aware of a cyberattack to our systems that inserted a vulnerability within our SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,” the company said. “We have been advised that this incident was likely the result of a highly sophisticated, targeted, and manual supply chain attack by an outside nation state, but we have not independently verified the identity of the attacker.”
Federal officials said that the FBI is engaging with victims and is conducting an investigation.