SolarWinds Orion Security Breach
Dec 14, 2020
December 14, 2020
Re: SolarWinds Orion Security Breach
From: Mark Schnitter, Nexigen Chief Information Officer
To: All Nexigen Clients and Partners
Over the weekend, Nexigen learned about a highly targeted and sophisticated attack directed at the United States, specifically the US Treasury. Part of the attack involved manipulating a software product offered by SolarWinds, who is one of our vendor partners. The following is the verbatim communication sent this past weekend by SolarWinds MSP President John Pagliuca to all their partners:
“We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack. At this time, we are not aware of an impact to our SolarWinds MSP products including RMM and N-central.
If you own a SolarWinds Orion product, we recommend you visit www.solarwinds.com/securityadvisory for more detailed information. If you have any immediate questions, please contact Customer Support at 1-866-530-8040 or firstname.lastname@example.org. Security and trust in our software are the foundation of our commitment to our customers. Thank you for your continued patience and partnership as we continue to work through this issue.”
While Nexigen does leverage technologies branded and marketed by SolarWinds, the products we are currently using have not been identified as being vulnerable or involved in this security incident. Our management and security teams are actively monitoring the situation closely and will advise you of any new developments specific to our product and service offerings.
At this time, no specific action is required by you. The current situation is very fluid and could change. If this does occur, we will send additional communications with specific instructions or updates.
If you should have any questions or concerns, please feel free to contact your account manager directly or email the Nexigen Service Desk at email@example.com.
Thank you for your continued patronage and support.
Mark Schnitter, CIO