SolarWinds Security Advisory RE: CERT Emergency Directive
Recent as of April 6, 2021, 9:00am CST
SolarWinds was the victim of a cyberattack on our systems that inserted a vulnerability (SUNBURST) within our SolarWinds® Orion® Platform. We believe that this attack impacts Orion Platform build versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1, as referenced in Cybersecurity and Infrastructure Security Agency (CISA) Computer Emergency Readiness Team (CERT) Emergency Directive 21-01, issued December 13, 2020, and updated December 18 and 30, 2020, and January 6, 2021.
CERT issued Alert (AA20-352A), titled Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, as an update to ED 21-01 on December 17, 2020, based on our coordination with the agency, and has updated this alert as of December 19, 2020. Additionally, CISA released a malware analysis report of SUPERNOVA on January 27, 2021.
The latest information can be found on the CISA Supply Chain Compromise page at https://www.cisa.gov/supply-chain-compromise, or at:
- CISA Malware Analysis Report (AR21-027A): MAR-10319053-1.v1-Supernova, published January 27, 2021: https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a
- CISA Malware Analysis on Supernova, published January 27, 2021: https://us-cert.cisa.gov/ncas/current-activity/2021/01/27/cisa-malware-analysis-supernova
- Emergency Directive 21-01 Supplemental Guidance v3, published January 6, 2021: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance-v3
- Emergency Directive 21-01 Supplemental Guidance v2, published December 30, 2020: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance
- CERT Alert (AA20-352A), Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, updated December 19, 2020: https://us-cert.cisa.gov/ncas/alerts/aa20-352a
- Emergency Directive 21-01 Supplemental Guidance, published December 18, 2020: https://cyber.dhs.gov/ed/21-01/#supplemental-guidance
- Original CISA Release on ED 21-01, published December 13, 2020: https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network
- Original Emergency Directive 21-01, published December 13, 2020: https://cyber.dhs.gov/ed/21-01/
The latest release, Orion Platform version 2020.2.5, is now available in the SolarWinds Customer Portal at customerportal.solarwinds.com. If you aren't sure which version of the Orion Platform you are using, see directions on how to check that here. To check which hotfixes you have applied, please go here.
If you’re unable to upgrade at this time, we have provided a script that customers can install to temporarily protect their environment against the SUPERNOVA malware. The script is available at https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip.
More information is available on our Security Advisory page at solarwinds.com/securityadvisory, and in our FAQs at solarwinds.com/securityadvisory/faq. You can also subscribe to this RSS feed to be notified when we update this page (note: you will need to cut and paste the "Subscribe to this RSS feed" URL into an RSS feed reader, e.g. Outlook's RSS Subscriptions, to monitor updates).
As noted by the Department of Homeland Security (DHS), this emergency directive remains in effect until all agencies have applied the forthcoming patch or the directive is terminated through other appropriate actions.
Security and trust in our software are the foundation of our commitment to our customers. We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers.
Thank you for your continued patience and partnership as we continue to work through this issue. We are continuing our investigations and will strive to keep you updated on any new developments or findings.