FireEye and SolarWinds—SolarWinds Orion Platform Software: May Be Vulnerable to Backdoor Exploit

ECRI's complete weekly summary of medical device hazard and recall information is available in ECRI's Health Device Alerts. For more information contact us at clientservices@ecri.org.

In a December 13, 2020, Sector Alert posted by the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3), HC3 states that FireEye and SolarWinds have released security advisories detailing a highly-skilled and highly-targeted manual supply chain attack on the SolarWinds Orion Platform network management system that leverages software updates to deploy a backdoor to victim organizations. SolarWinds Orion is an IT performance monitoring platform that helps organizations manage and optimize their IT infrastructure. The actors behind this campaign have likely gained access to numerous public and private organizations around the world starting as early as Spring 2020. Signatures to detect this threat are available and mitigations...