Health-ISAC TLP White Threat Bulletin - December 14, 2020

December 14, 2020

SolarWinds Breach Attributed to Latest US Agency Attacks

On December 13, 2020, information technology solutions company SolarWinds reported they were breached by Nation State threat actors from Russia. The breach was used to leverage further attacks against several US federal agencies. SolarWinds released a statement that their systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020. The US Cybersecurity and Infrastructure Security Agency (CISA) released Emergency Directive 21-01, stating that potential exploitation poses an unacceptable risk and affected agencies shall immediately disconnect or power down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, from their network.

Key Resources

Related Resources

Guides/Reports
HC3 TLP Clear: Privileged User Compromise
Public
Special Bulletin
Red Cross, America’s Blood Centers, AABB Say U.S. Faces Critical Blood and Platelet Shortages
Public
Advancing Health Podcast
Going International: The FBI's Global Fight Against Cybercrime
Public
Advisory
American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White
Public
Advisory
Hospitals in Florida, Other States Impacted by Effects of Cyberattack on Blood-donation Nonprofit OneBlood
Member
Guides/Reports
CLEAR Crisis Leadership Tip Sheets