On Sunday, the Cybersecurity and Infrastructure Security Agency ordered all civilian government agencies to “disconnect or power down” all instances of SolarWinds Orion software on their systems by noon on Monday, December 14. This directive was issued in response to an FBI/CISA investigation into breaches of the SolarWinds software at the Commerce and Treasury Departments, apparently by Russian government hackers. The software is used to monitor and optimize IT infrastructure, and is deployed by many federal agencies.
SolarWinds posted a hotfix for their Orion software to address the vulnerability, and urged customers to install it, with another to follow the next day. However, CISA has instructed government agencies to leave their instances of the software isolated or turned off until further notice. Agencies with the expertise to do so are asked to make forensic images of their systems.
