SolarWinds: Update for Orion software; attackers had access to top DHS accounts

A short update on the SolarWinds hack: the attackers probably had access to the emails of top people at the US Department of Homeland Security (DHS). In addition, the manufacturer SolarWinds has released a security update for its Orion software that closes a new vulnerability.



It is known that suspected Russian state hackers managed to compromise the Orion software of the US manufacturer SolarWinds in 2020. The Trojan, including its backdoor, was then distributed to tens of thousands of computers through an update rolled out by SolarWinds. This left government agencies, organizations and companies open to attack via the SUNBURST backdoor. In addition, other attackers were able to penetrate the networks of SolarWinds customers via unpatched vulnerabilities and spy on the IT infrastructure.

SolarWinds's networking and security products are used by more than 300,000 customers worldwide, including top enterprises, government agencies and educational institutions. SolarWinds also supplies the major U.S. telecommunications companies, all five branches of the U.S. military, and other prominent government organizations such as the Pentagon, State Department, NASA, National Security Agency (NSA), Postal Service, NOAA, Department of Justice, and the Office of the President of the United States. The investigation is still ongoing (see also the articles at the end of the post).

SolarWinds hack: DHS accounts affected

Now, Associated Press (AP) reports in this article that the hackers had access to email accounts of the Trump administration's heads of the Department of Homeland Security (DHS) and to the accounts of members of the Department's cybersecurity staff. Their duties include hunting for cyberthreats from abroad. Other email accounts of high-ranking government officials were also hacked. 

The compromise of then-Acting Secretary Chad Wolf's account as part of the SolarWinds hack naturally raises questions. Among them: how is the U.S. government going to protect individuals, businesses and institutions across the country when it cannot keep its own house in order? Security specialists believe that this protection is not guaranteed unless something serious changes.

SolarWinds patches RCE bug in Orion

Vendor SolarWinds released security updates last week to address four vulnerabilities affecting the company's Orion IT monitoring platform. Two of these closed vulnerabilities allow remote code execution (RCE) and are rated critical.



The highest severity vulnerability is a critical JSON deserialization flaw that remote attackers can exploit to execute arbitrary code via Orion Platform Action Manager test alert actions. Exploitation is only possible by authenticated users.

A second RCE vulnerability, rated as severe, is located in the SolarWinds Orion Job Scheduler and allows attackers to execute arbitrary code remotely as an administrator. Again, attackers need credentials to exploit it, in this case those of an unprivileged local account on the targeted Orion server. Bleeping Computer has compiled some details about the security updates for the Orion platform in this post.

Similar articles:
FireEye hacked, Red Team tools stolen
US Treasury and US NTIA hacked
SolarWinds products with SunBurst backdoor, cause of FireEye and US government hacks?
Sloppiness at SolarWinds responsible for compromised software?
News in the fight against SUNBURST infection, domain seized
SUNBURST malware: Analytic Tool SolarFlare, a 'Kill Switch' and EINSTEIN's fail
SUNBURST malware was injected into SolarWind's source code base
SUNBURST: US nuclear weapons agency also hacked, new findings
SolarWinds hack: Microsoft and others also affected?
SUNBURST hack: Microsoft's analysis and news
2nd backdoor found on infected SolarWinds systems
SolarWinds hackers had access to Microsoft source code
SolarWinds hack: Hacker goals; outsourcing are under investigation?
News from the SolarWinds hack; JetBrains software as a gateway?
Kaspersky: SolarWinds Sunburst backdoor resembles Russian ATP malware
SolarLeaks allegedly offers source code from Cisco, Microsoft and SolarWinds
Malwarebytes also successfully hacked by the SolarWinds attackers
Four more security vendors confirm SolarWinds incidents
Accusation: Microsoft failed with security in the SolarWinds hack

