Date: 2020-12-22

SolarWinds recently reported a compromise of versions 2019.4 through 2020.2.1 HF1 of their Orion Platform by “a highly sophisticated, targeted, and manual supply chain attack by an outside nation state.”

The Orion Platform is network management software used by numerous government agencies and approximately 300,000 additional customers worldwide. It is believed that malicious code was inserted into software updates provided by SolarWinds to the platform’s customers. Once the update was installed, it gave attackers access to the customer’s network, allowing for elevated credential access, lateral movement throughout the network, and the ability to create other persistence mechanisms on devices and networks.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Active Exploitation of SolarWinds Software alert, which includes multiple FireEye and SolarWinds advisories detailing potential countermeasures. CISA also issued Emergency Directive 21-01, which applies to federal agencies using SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, and provides a list of known Indicators of Compromise (IOC).

The Coast Guard strongly urges all Marine Transportation System stakeholders using impacted versions of SolarWinds to take immediate actions to mitigate any risks of compromise.

Any potential threat to the cybersecurity of your vessel or facility should be taken seriously, the Coast Guard said, and Breaches of Security or Suspicious Activities resulting from cyberincidents shall be reported to the National Response Center at 1-800-424-8802. For additional technical support, contact the Coast Guard Cyber Command’s 24×7 watch at 202-372-2904 or via email at CyberWatch@uscg.mil.

Your willingness to comply and report in a timely manner helps the U.S. respond quickly and effectively and makes the maritime critical infrastructure safer.