CISA continues to update guidance and information related to an exploit implanted into SolarWinds Orion security software that was used by numerous government and business customers.

CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise | CISA

Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise | CISA

CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally, CISA has publicly issued Emergency Directive (ED) 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise to all federal agencies that have—or had—networks that used affected versions of SolarWinds Orion and have evidence of follow-on threat actor activity.

Although the guidance in AR21-134A and ED 21-01 Supplemental Direction V.4 is tailored to federal agencies, CISA encourages critical infrastructure entities; state, local, territorial, and tribal government organizations; and private sector organizations to review and apply it, as appropriate.

Review the following resources for additional information: