Over the last month, a large-scale cyber incident affected over 18,000 federal government and private industry systems that use SolarWinds Orion technology. It has been confirmed that this Advanced Persistent Threat is primarily used for information-gathering activity.
The Cybersecurity Infrastructure Security Administration (“CISA”) recently issued an update on its remediation progress, which includes a joint task force, the Cyber Unified Coordination Group (“UCG”), between CISA, ODNI and the FBI. The FBI operates as the investigation lead for the group.
CISA shared the following regarding the SolarWinds Orion attack:
- The FBI’s investigation is presently focused on four critical lines of effort: identifying victims, collecting evidence, analyzing the evidence to determine further attribution, and sharing results with government and private sector partners.
- CISA has created a free tool for detecting unusual and potentially malicious activity related to this incident and issued technical mitigation strategies to help organizations take immediate action.
- ODNI is providing situational awareness for key stakeholders and coordinating intelligence collection activities to address knowledge gaps.
QED National strongly recommends that affected organizations stay informed by monitoring UCG communications, which can be found on CISA.gov – Blog and Newsroom tracker.