On December 13, 2020, SolarWinds filed a U.S. Securities and Exchange Commission incident that confirms a cyber breach that was a result of a successful cyber attack on one of the bureaus in the Commerce Department. The attack was managed through a vulnerability in the SolarWinds Orion network management tool, which has a customer base of over 18,000 organizations.
Since receiving this complaint, CISA (Cybersecurity and Infrastructure Security Agency) has issued an emergency directive to govern all federal civilian agencies affected by this security vulnerability within the SolarWinds Orion suite of products.
ICMA members should check to see if they are running the Solarwinds Orion product, and if so, follow the emergency directive above. Members who suspect that their network has been hacked due to this vulnerability should alert their local FBI and DHS agency or contact them with questions.