The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory on a new advanced persistent threat (APT) that targeted the supply chain involving SolarWinds’ Orion information technology management platform and impacted public and private infrastructure.
The APT actor installed malicious code into Orion software updates that enabled access to customers’ network environments. Such breaches allow the threat actor to evade detection, create accounts and obtain classified information, CISA said in the advisory.
While the threat actor “only targeted some organizations with further network exploitation,” CISA recommends that organizations address system vulnerabilities and share threat information to support the response efforts of the agency, a component of the Department of Homeland Security (DHS).
According to CISA, organizations must allocate sufficient resources, encourage third-party support and consider rebuilding network assets that utilize Orion.
CISA is additionally investigating other APT incidents that breach Security Assertion Markup Language (SAML) authentication procedures, the agency noted.