
CISA Issues APT Cyber Activity Warning


The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released "What Every Leader Needs to Know About the Ongoing APT Cyber Activity," a warning that details the risks associated with advanced persistent threats (APT).

The warning comes after FireEye's discovery that an APT actor has been exploiting SolarWinds Orion software.

During the SolarWinds incident, an APT actor inserted malicious code into Orion software updates, according to CISA. Once these updates were applied, the actor could use them to access customer networks.

To date, the APT actor involved in the SolarWinds incident has only targeted certain organizations, CISA stated. However, all organizations that have installed compromised Orion updates remain at risk.

How to Remediate Risk Following the SolarWinds Security Incident

CISA offered the following recommendations to help organizations remediate risk following the SolarWinds incident:

  • Determine if your organization has been affected. Evaluate software use to find out if one of the affected versions of Orion is being used or has been used.
  • Prioritize incident response and remediation. If an organization is using or has used Orion, its legal, financial and operations personnel should work with cybersecurity professionals to take the proper response and remediation actions.
  • Allocate resources appropriately. Empower information security staff to investigate an IT environment for adversary activity.
  • Seek additional support. Review CISA guidelines and watch for future guidance relating to the SolarWinds incident.
  • Optimize operational security. Ensure advanced security processes and protocols are in place throughout incident response and remediation.

In addition, CISA has created a new Supply Chain Compromise webpage to consolidate all of the resources it has released relating to the SolarWinds incident. CISA will also continue to update the webpage to include new cyber community partner resources.

SolarWinds Statements About Orion Security Incident

Meanwhile, SolarWinds has provided the following updates to partners and customers:

Dan Kobialka
