
18,000 organisations infected with state-sponsored malware

Organisations around the world have had a backdoor planted by the Russian-sponsored hacking group Cozy Bear.

Around 18,000 organisations downloaded infected builds of the network management tool SolarWinds Orion between March and June of this year. It is believed the backdoor was then used to install malware and gain access to e-mail and other sensitive resources. The breach was identified by security company FireEye when it discovered it had been a victim of the infected software.

Around 300,000 organisations globally use the SolarWinds Orion product; however, it is believed that only ~18,000 downloaded the compromised builds. SolarWinds have said that the code was added due to a compromise of the build system and wasn’t present in the source code of the Orion product.

The US government has issued an emergency warning concerning the breach. Russia is currently denying involvement, calling the accusations “groundless”.

At this time the compromise is not believed to have impacted SolarWinds RMM, Patch management or other SolarWinds products.

Update: SolarWinds have now added a list of unaffected products to their security advisory, linked below:

SolarWinds statement: https://www.solarwinds.com/securityadvisory

US Emergency Directive: https://cyber.dhs.gov/ed/21-01/ 
