On December 13, 2020, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive after discovering malware contained within a recently released software from the company Solarwinds. Solarwinds is an American company that develops software for businesses to manage their information technology. The malware has been discovered in Solarwind’s Remote Monitoring and Management platform named “Orion”.
The malicious software was implanted into the Solarwinds master servers around March of this year, from a successful attack by a sophisticated team of nation-state hackers. It is now known that this malware has affected many organizations and government entities which were utilizing the compromised Solarwinds software.
Morefield Communications does not utilize Solarwinds software in our delivery of environment monitoring and management services. In response to the recent cyber-attack, Morefield has conducted a thorough audit and review of its partners, suppliers, & distributors for any connector to SolarWinds software. We are working with all outside partners and providers to further identify any client’s connection to Solarwinds software and have proactively reached out to any of our clients known to have a connection to any version of SolarWinds software. Morefield has not sold or installed any hardware or software by the listed compromised companies. As part of our commitment to our clients, we acted quickly to ensure that none of our software providers or hardware products contained the same or similar vulnerabilities associated with the SolarWinds hack.
We continue to monitor our software and client systems diligently for all malicious or unusual activities, as well as all advisories for any similar events. We are committed to helping our clients make smart technology decisions while delivering outstanding service and expert solutions.
Additional Information:
- SEC Report on SolarWinds – https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm
- SolarWinds Security Advisory – https://www.solarwinds.com/securityadvisory
- Dept. of Homeland Security Emergency Directive – Mitigate SolarWinds Orion Code Compromise – https://cyber.dhs.gov/ed/21-01/