Cybersecurity Alert: SolarWinds and FireEye Breach
Published December 17, 2020
There has been a supply chain attack on SolarWinds, a security vendor that aids companies in monitoring the health of their IT networks. Reports believe the supply chain attack on SolarWinds is connected to a campaign that also involves the hack of FireEye where hackers gained access to tools the company uses to help customers find security weaknesses in their network.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot said in a statement.
Microsoft said in a blog post that the hackers added malicious code to software updates which, “results in the attacker gaining a foothold in the network, which the attacker can use to gain elevated credentials.” Doing this allows them to forge sign-in information that impersonates any of the organization’s existing users and accounts.
Although SolarWinds hosts many accounting platforms, MCM CPAs & Advisors and MCM Technology Solutions do not utilize SolarWinds. SolarWinds has over 300,000 customers and it is unclear how many have been affected thus far.
Does your company use SolarWinds or FireEye?
The MCMTS Cybersecurity Team is here to help you keep your business safe from cyber attacks. To learn more about the breach and identify if your business was affected, please reach out to the MCMTS Cybersecurity Team by clicking here.