Get Help Now
CONTACT US

SHARE

RESOURCES  >   BLOG

Action Steps Surrounding SolarWinds Orion Compromise

Posted December 2, 2020

The Department of Homeland Security recently published an alert regarding SolarWinds Orion products which has been exploited by malicious actors. ‘This tactic permits an attacker to gain access to network traffic management systems’.

Organizations can proactively determine whether they are at greater risk for this specific type of infection. Here’s what you should do:

  1. Validate your version of SolarWinds Orion (affected versions are 2019.4 through 2020.2.1 HF1)
  2. Investigate for indicators of compromise as outlined in DHS Emergency Directive 21-01
    1. [SolarWinds.Orion.Core.BusinessLayer.dll] with a file hash of [b91ce2fa41029f6955bff20079468448]
    2. [C:WINDOWSSysWOW64netsetupsvc.dll]
  3. If any indicators are identified, forensically image the impacted system(s) and work to understand impacts and enact your incident response plan.

If you believe you are experiencing a security incident, call our incident response hotline immediately: (800) 403-8350.

GreyCastle Security can evaluate your infrastructure to proactively identify, classify, and remediate security threats which may otherwise go undetected. GreyCastle Security’s Compromise Assessment will proactively identify and respond to a security incident. The Compromise Assessment will assess your environment to determine if threats are present or at imminent risk for a security incident.  To learn more about the GreyCastle Security Compromise Assessment, please send an email to intel@greycastlesecurity.com.


RELATED RESOURCES

Let’s Discuss Your Cybersecurity Needs

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound
Contact Us