The CEA received the following alert from our contacts at BEIS together with this explanation:
SolarWinds Orion is software that is often used by larger businesses (but not exclusively) to help manage their IT. From looking at your member directory, the news of the SolarWinds incident will be of significance to many of them. They should find out if they have an affected system (if they haven’t already), the guidance linked below will help with the immediate steps they should take.
Please be advised that the National Cyber Security Centre (NCSC) has released an advisory relating to the compromise of SolarWinds and FireEye. It can be accessed on the NCSC website here, and the Cyber Security Information Sharing Partnership (CiSP) here (requires you to be a CiSP member).
SolarWinds, specifically their Orion IT system management platform, has been compromised and may be used for onward attacks against systems connected to the product. An attacker has been able to add a malicious, unauthorised modification to SolarWinds Orion products which allows them to send administrator-level commands to any affected installation.
This incident has been openly covered by various media outlets.
Please take time to review the advice provided above and see if you or key elements of your organisation (such as any managed service providers you are connected to) are affected. The NCSC guidance has detailed information that will help you find out if you have an affected system and the immediate steps you should take.
