Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise
NJCCIC Advisory
Original Release Date: 12/20/2020
Summary
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17, 2020. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.
In addition, CISA has released supplemental guidance to Emergency Directive (ED) 21-01, providing new information on affected versions, new guidance for agencies using third-party service providers, and additional clarity on required actions.
CISA encourages users and administrators to review the following resources for additional information on the SolarWinds Orion compromise.
- CISA Emergency Directive 21-01 - Supplemental Guidance v.1
- CISA Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise
- CISA Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Reporting
We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form at here.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.