"SolarWinds Hackers 'Impacting' State and Local Governments"

The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) issued a warning about the significant impact of the recent SolarWinds Orion software supply chain hacking attack. The attack on SolarWinds' Orion IT management platform affected several U.S. government agencies, including the departments of Treasury, Commerce, and Homeland Security. This attack also compromised critical infrastructure and organizations in the private domain. CISA urges all federal civilian agencies to review their networks for signs of compromise as well as disconnect SolarWinds Orion products. The agency has emphasized the significance of this cyber incident as it has impacted the U.S. federal, state, and local governments, in addition to critical infrastructure entities and private organizations. According to CISA, the Advanced Persistent Threat (APT) actor behind the SolarWinds supply chain attack is well-resourced and has extensively abused commonly used authentication mechanisms. The agency calls on organizations to prioritize the identification and elimination of this threat as it could lead to the exposure of highly sensitive information. CISA is working with the Federal Bureau of Investigation (FBI) and the Office of the Director of National Intelligence (ODNI) to form a Cyber Unified Coordination Group (UCG), which will establish a coordinated whole-of-government approach to addressing the SolarWinds attack. This article continues to discuss the impact and severity of the SolarWinds attack, as well as CISA's recommendations to organizations on addressing this threat and other efforts by the agency to respond to the attack. 

Infosecurity Magazine reports "SolarWinds Hackers 'Impacting' State and Local Governments"