America’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over the widespread impact of a recent hacking attack that compromised the SolarWinds Orion software supply chain.
The assault on SolarWinds hit the headlines earlier this month after it was discovered and disclosed by researchers at FireEye. The advanced persistent threat (APT) group behind the attack was able to compromise government agencies, critical infrastructure, and private-sector organizations.
Recognizing the serious nature of the attack, CISA put out an emergency directive on December 13 calling “on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”
On Wednesday, the agency described the pervasive campaign as a “significant cyber incident” and said that it is affecting US government at all levels.
In a statement posted to its website, the agency said that it “is tracking a significant cyber incident impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations.”
CISA stated that the APT actor responsible for compromising the SolarWinds Orion software supply chain has also carried out widespread abuse of commonly used authentication mechanisms and is well resourced.
The agency then went on to warn organizations to focus on handling the threat posed by this particular campaign before tackling any other cybersecurity issues.
“This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked,” warned the agency.
“CISA urges organizations to prioritize measures to identify and address this threat.”
The agency has teamed up with the Federal Bureau of Investigation (FBI) and the Office of the Director of National Intelligence (ODNI) to form a Cyber Unified Coordination Group (UCG) that will coordinate a whole-of-government response to the SolarWinds attack.
CISA said that it remains available to help organizations victimized by the incident.
The agency said that it “remains in regular contact with public and private sector stakeholders and international partners, providing technical assistance upon request, and making information and resources available to help those affected to recover quickly from incidents related to this campaign.”