A secret backdoor was implanted in the SolarWinds Orion security monitoring system. Every organization using this suite of products should check for it and fix any issues found. That will help prevent unauthorized access and potential malware compromises. The SANS ISC and CISA links below are excellent and have detailed information on how to find and get onto a clean, secure version of the security software.



The attackers used the access they gained to the SolarWinds network to add a backdoor to a key library that is part of SolarWinds. This modified library was delivered to selected SolarWinds customers via the normal SolarWinds update process. SolarWinds Orion versions 2019.4 through 2020.2.1 HF1 are potentially affected. The backdoor is part of SolarWinds.Orion.Core.BusinessLayer.dll. This is a legitimate DLL that is modified by the attacker. The DLL is digitally signed by “Solarwinds Worldwide, LLC”. The update was distributed using the legitimate SolarWinds

CISA is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020.  CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures:
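Separately from those advisories, the two version ranges quoted above can be turned into a quick inventory triage. The following is an added example, not code from SolarWinds, SANS ISC, CISA or FireEye; the hostnames, the sample inventory and the function names are constructed for illustration, and the version-string format is assumed to be `YYYY.N[.P] [HF n]`.

```python
import re

# Version bounds as stated on this page, as (year, minor, patch, hotfix).
SANS_RANGE = ((2019, 4, 0, 0), (2020, 2, 1, 1))  # 2019.4 through 2020.2.1 HF1
CISA_RANGE = ((2019, 4, 0, 5), (2020, 2, 1, 1))  # 2019.4 HF 5 through 2020.2.1 HF 1

# Assumed string format: "2020.2.1 HF 1", "2019.4 HF5", "2020.2"
_VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_orion_version(text):
    """Turn a version string into a tuple that compares in release order."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    # A missing patch level or hotfix number counts as 0.
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Return 'cisa-range', 'sans-range-only' or 'outside' for one version."""
    v = parse_orion_version(text)
    if CISA_RANGE[0] <= v <= CISA_RANGE[1]:
        return "cisa-range"
    if SANS_RANGE[0] <= v <= SANS_RANGE[1]:
        return "sans-range-only"
    return "outside"

def triage(inventory):
    """Classify (host, version) pairs; unparseable versions go to manual review."""
    results = {}
    for host, version in inventory:
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = "manual-review"
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("orion-a", "2019.4 HF 5"),
    ("orion-b", "2020.2.1 HF1"),
    ("orion-c", "2019.4 HF 3"),
    ("orion-d", "2020.2.1 HF 2"),
    ("orion-e", "2019.2 HF 3"),
    ("orion-f", "Orion Platform (unknown)"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

A version match only prioritises hosts against the ranges quoted on this page; "outside" is not a statement that a host is clean.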