The Cybersecurity and Infrastructure Security Agency says that SolarWinds’ Orion product was not the only attack vector that allowed foreign hackers to access federal networks. In a recent alert, CISA said it had identified at least one other entry point besides Orion, through which bad actors have targeted government IT and security personnel. “The adversary’s initial objectives, as understood today, appear to be to collect information from victim environments,” the alert states. “CISA has observed in its incident response work adversaries targeting email accounts belonging to key personnel, including IT and incident response personnel.”
CISA identified four versions of the SolarWinds Orion software that had been compromised. While those entry points have been closed, which blocks further intrusions, the existing damage has not yet been fixed. In short, hackers who obtained access through Orion likely still have access to those networks and could use their privileges to further infiltrate agency systems.