The Department of Energy added its name to the growing list of federal agencies impacted by the compromise of the SolarWinds Orion product. However, while DOE found malicious software on its networks, it has uncovered no evidence that critical systems were affected. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” department spokeswoman Shaylyn Hynes said in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
Cybersecurity, Privacy, & AI
Trending Now
Your AI Agent Could Become Your Biggest Insider Threat • The New Cyber Deterrent Isn’t a Weapon. It’s Cyber Recovery. • Commerce OIG Calls for Changes to NIST Vulnerability Database Management • Pentagon Looks to AI, Other Tech to Help Tackle Contested Logistics Challenges • How Defensive Cyber Responds to Hockey-Stick Growth of AI-Driven Threats
DOE: SolarWinds-Related Malware on IT Networks, but Critical Systems Unaffected
Jon Kraft | Shutterstock
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.