SolarWinds Orion Incident

Updated: Dec 19, 2020

We have brought many of the CDN hacks to your attention before, but the latest detection shows that SolarWinds and many other security tools are being hacked via CDNs and/or DNS manipulation. We don't know for sure whether this played a role in what has occurred, but it makes us wonder, since we have seen this with other legitimate software and applications.

The same methods we use to protect networks are being used by adversaries to plant backdoors in legitimate software. We previously reported on other applications having issues in other blog posts. See the list of warnings below. Until companies stop allowing this traffic, it's an open door that can't easily be blocked with traditional security solutions.

This is not the last time we will call out CDN downloads or the fact that they have been leveraged for years to infect tools that can do great harm to your organization.

Previous Warnings and Posts (Related Content):

JS-006-17 - Trojaned CDN Bulletin

Follow Up Alert

Saudi Arabia Targeted

Verizon Media CDN Backdoors

Internet Explorer Backdoors

We noted many legitimate software applications being targeted and distributed through CDNs when users requested the download. It may in fact be the case that these backdoored applications resulted from access to GitHub repositories.