CISA Insights for ongoing APT Cyber Activity

One of the key topics: CISA Issues Emergency Directive to Mitigate the Compromise of SolarWinds Orion Network Management Products. (24th Dec 2020)

A design weakness in SolarWinds Patch Manager was found in April 2019. The flaw is that Notepad++ and 7-Zip do not require trusted signature verification. Fundamentally, 7-Zip has never signed their packages. Meanwhile, the certificate used to sign Notepad++ was expired at that time.

SolarWinds asks customers with any of the products listed below as known affected for Orion Platform v2019.4 HF 5 to update to Orion Platform 2019.4 HF 6, which is available at https://customerportal.solarwinds.com/

Quick verification – CHECK FILES AND HASHES:
The presence of any of the following files indicates that a trojanized version of SolarWinds is installed.

1. File Name: SolarWinds.Orion.Core.BusinessLayer.dll, File Hash (MD5): b91ce2fa41029f6955bff20079468448

2. File Path and Name: C:\WINDOWS\SysWOW64\netsetupsvc.dll
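
The two checks above as a PowerShell sweep. This is an added example, not a SolarWinds or CISA tool: the `$SearchRoot` parameter and the status labels are assumptions made for the example, while the file name, MD5 and path are the ones listed above.

```powershell
# Added example: sweep a Windows host for the two file indicators listed above.
# $SearchRoot is an assumption; point it at the drive or folder to sweep.
param(
    [string]$SearchRoot = 'C:\'
)

# Indicators copied from this page.
$DllName  = 'SolarWinds.Orion.Core.BusinessLayer.dll'
$DllMd5   = 'b91ce2fa41029f6955bff20079468448'
$FilePath = 'C:\WINDOWS\SysWOW64\netsetupsvc.dll'

# Indicator 1: every copy of the DLL under the search root, compared by MD5.
$findings = @(
    Get-ChildItem -Path $SearchRoot -Filter $DllName -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction Stop).Hash.ToLower()
            } catch {
                $md5 = $null   # locked or unreadable: report it rather than skip it
            }
            $status = if ($null -eq $md5)       { 'UNREADABLE' }
                      elseif ($md5 -eq $DllMd5) { 'MATCH' }
                      else                      { 'NAME_ONLY' }  # hash differs from the one listed here
            [pscustomobject]@{
                Indicator = $DllName
                Path      = $_.FullName
                MD5       = $md5
                Status    = $status
            }
        }
)

# Indicator 2: presence of the file at the listed path is the signal on its own.
if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
    $findings += [pscustomobject]@{
        Indicator = 'netsetupsvc.dll'
        Path      = $FilePath
        MD5       = (Get-FileHash -LiteralPath $FilePath -Algorithm MD5).Hash.ToLower()
        Status    = 'PRESENT'
    }
}

$findings | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or remote job flag the host.
if ($findings | Where-Object { $_.Status -in 'MATCH', 'PRESENT' }) { exit 1 }
```

A `NAME_ONLY` row means the DLL exists but its MD5 is not the one listed on this page; an `UNREADABLE` row should be re-checked from an elevated session.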

Remedy: https://www.solarwinds.com/securityadvisory

Reference: http://www.antihackingonline.com/potential-risk-of-cve/fireeye-detected-apt-activities-go-through-solarwinds-product-13th-dec-2020/
