The Department of Energy added its name to the growing list of federal agencies impacted by the compromise of the SolarWinds Orion product. However, while DOE found malicious software on its networks, it has uncovered no evidence that critical systems were affected. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” department spokeswoman Shaylyn Hynes said in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
