[German]U.S. manufacturer Solarwinds warns its customers of possible cyber attacks and recommends uninstalling Web Help Desk (WHD) 12.7.5 in a security message dated March 15, 2022. The background is attacks on Web Help Desk (WHD) 12.7.5 reported by customers. So far it is still unclear what exactly happened, it is probably a precautionary measure.
Advertising
SolarWinds was, after all, the victim of a supply chain attack in 2020, where customers' systems were hacked. Suspected state hackers had managed to manipulate SolarWinds' widely deployed network and security products around the world. A supply chain attack rolled out a Trojan or the SunBurst backdoor with a software update. This affected a great many SolarWinds customers.
Therefore, it is no wonder that the US vendor SolarWinds is now reacting very quickly and on suspicion. I came across the security alert Advisory / Unauthenticated Access in Web Help Desk (WHD) 12.7.5 via the following tweet as well as other press reports.
The advisory states that a SolarWinds customer noticed and reported an external attack attempt on its instance of Web Help Desk (WHD) 12.7.5. The customer's Endpoint Detection and Response (EDR) system blocked the attack and alerted the customer to the problem. SolarWinds, which was hobbled by a supply chain attack, is currently investigating the report. The vendor writes that it was not able to reproduce the scenario. But they are working with the customer to continue the investigation.
SolarWinds recommends all Web Help Desk customers whose Web Help Desk implementation is accessible from the Internet remove it from the public, Internet-accessible, infrastructure as a precaution until the vendor has further insight. Those who cannot do so should monitor the SolarWinds infrastructure for attacks using EDR software.
Advertising
Similar articles:
FireEye hacked, Red Team tools stolen
US Treasury and US NTIA hacked
SolarWinds products with SunBurst backdoor, cause of FireEye and US government hacks?
Sloppiness at SolarWinds responsible for compromised software?
News in the fight against SUNBURST infection, domain seized
SUNBURST malware: Analytic Tool SolarFlare, a 'Kill Switch' and EINSTEIN's fail
SUNBURST malware was injected into SolarWind's source code base
SUNBURST: US nuclear weapons agency also hacked, new findings
SolarWinds hack: Microsoft and others also affected?
SUNBURST hack: Microsoft's analysis and news
2nd backdoor found on infected SolarWinds systems
SolarWinds hackers had access to Microsoft source code
SolarWinds hack: Hacker goals; outsourcing are under investigation?
News from the SolarWinds hack; JetBrains software as a gateway?
Kaspersky: SolarWinds Sunburst backdoor resembles Russian ATP malware
SolarLeaks allegedly offers source code from Cisco, Microsoft and SolarWinds
Malwarebytes also successfully hacked by the SolarWinds attackers
Four more security vendors confirm SolarWinds incidents
Accusation: Microsoft failed with security in the SolarWinds hack
SolarWinds: Update for Orion software; attackers had access to top DHS accounts
SolarWinds patches critical Serv-U vulnerability (July 2021)
27 U.S. Attorney's Offices Affected by SolarWinds Hack
SolarWinds attackers target Microsoft partners – lack of basic cyber-security
Advertising