Connect with us

Hi, what are you looking for?



SolarWinds Removes Customer List From Site as It Releases Second Hotfix

SolarWinds has released a second hotfix for its Orion platform in response to the recent breach, and the company has decided to remove from its website a page listing some of its important customers.

SolarWinds has released a second hotfix for its Orion platform in response to the recent breach, and the company has decided to remove from its website a page listing some of its important customers.

IT management and monitoring solutions provider SolarWinds revealed this week that sophisticated threat actors compromised the build system for its Orion monitoring platform, which allowed the attackers to deliver trojanized updates to the firm’s customers between March and June 2020. The hackers could then compromise the servers of the organizations that downloaded, implemented or updated Orion products in that timeframe.

Shortly after news of the breach broke, the company informed customers about the availability of a hotfix, but promised to release a second hotfix that replaces the compromised component and provides additional security enhancements.

The company released that second patch on Tuesday, namely version 2020.2.1 HF 2 of the Orion platform, and it has informed customers that no other products have been compromised. The company has provided a complete list of both affected and not affected products, and it has published an FAQ document to answer some of the questions customers might have.

In an SEC filing this week, SolarWinds said it notified 33,000 customers about the incident, but pointed out that only up to 18,000 actually obtained the compromised software.

The attack is believed to have impacted many major organizations, including cybersecurity firm FireEye, which broke the news after the attackers stole some of its Red Team tools, and various U.S. government organizations.

According to media reports, the list of U.S. government targets could include the DHS, the Commerce Department, the Treasury, the Defense Department, the State Department, and the National Institutes of Health. Britain’s National Cyber Security Centre (NCSC) says it’s assessing the impact on the UK.

Advertisement. Scroll to continue reading.

Related: Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank

At around the time it released the second hotfix, SolarWinds decided to remove from its website a page listing high-profile customers. The now-removed page said the company had 300,000 customers worldwide, including 425 of US Fortune 500 companies, the top US telecoms and accounting firms, hundreds of universities and colleges, as well as several US government organizations.

SolarWinds removes customer page

Microsoft, which dubbed the attack Solorigate, has also taken steps to protect customers, including through updates for Microsoft Defender Antivirus that should ensure known malicious SolarWinds binaries are blocked.

While it’s still unclear exactly how the attackers managed to breach SolarWinds’ systems, some reports that emerged over the past days revealed security lapses. Reuters learned that multiple threat actors have offered to sell access to SolarWinds systems on underground forums. And one researcher said he informed SolarWinds in November 2019 that FTP credentials belonging to the company had been exposed in a public GitHub repository.

Russia appears to be the prime suspect for the SolarWinds hack, specifically the group tracked as APT29 and Cozy Bear, but the Kremlin has denied the allegations.

Related: Industry Reactions to FireEye Breach: Feedback Friday

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.