CERT NZ, a New Zealand Government security authority, has issued an advisory on the SolarWinds hack that happened earlier this year.
The Department of Homeland Security (DHS) was recently reported as a victim and target of the cyberattack.
IT company SolarWinds has more than 300,000 customers, including several federal and state agencies in the United States and others that operate in different countries around the world. Around 33,000 of SolarWinds' customers were alerted about the attack.
Some customers were affected after downloading or updating their Orion products between March and June of this year.
According to CERT NZ, the SolarWinds Orion vulnerability was actively being exploited for months.
A statement posted on CERT NZ’s website reads: “CERT NZ is aware a critical vulnerability in the SolarWinds Orion network management platform is actively exploited by a sophisticated threat actor.”
“CERT NZ understands this is the same vector used in high-profile compromises, like the security firm FireEye.”
A hotfix was recently released that protects many organisations against the hack and the vulnerability, but it has to be applied manually. The additional hotfix is expected to be released on Wednesday, December 16 (NZT).
CERT NZ advised organisations to download a hotfix version listed in its statement and to consider isolating their servers immediately. It also recommended that the servers have no internet connection until they can be patched and secured.
“Organisations need to carefully assess the applicability of this guidance based on their network configuration and dependencies,” said CERT NZ in the statement.
“A sophisticated threat actor has been using this access to compromise networks and exfiltrate data, with high-profile compromises reported in the United States.”
The hack can backdoor any service it has infected and gain remote execution access to it, if that service is running one of the vulnerable versions.
The vulnerable versions of SolarWinds Orion products are ver. 2019.4 HF 5 and ver. 2020.2 to 2020.2 HF 1. The versions recommended for immediately hotfixing any vulnerabilities are Orion Platform version 2019.4 HF 6, Orion Platform version 2020.2.1 HF 1k or Orion Platform version 2020.2.1 HF 2.
Changing passwords on accounts was recommended in addition to applying the patch.
CERT NZ says anyone with concerns about a possible compromise of their network via this vulnerability is encouraged to report it via www.cert.govt.nz/report immediately.
As thisquality understands, it is unknown whether any organisations in New Zealand, including Government departments, are involved or associated with SolarWinds products.
UPDATE: We have updated our SolarWinds Orion advisory to include more details on systems and products affected and latest hotfix solutions https://t.co/YEEIaoAWBJ
— CERT NZ (@CERTNZ) December 15, 2020
An earlier version of this article claimed CERT NZ became a victim of the hack. thisquality was contacted for an article correction by CERT NZ, and that has been applied as of 16.12.20 at 6:10 pm NZT.