The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.
(Updated January 6, 2021): One of the initial access vectors for this activity is a supply chain compromise of a Dynamic Link Library (DLL) in the following SolarWinds Orion products (see Appendix A). Note: prior versions of this Alert included a single bullet that listed two platform versions for the same DLL. For clarity, the Alert now lists these platform versions that share the same DLL version number separately, as both are considered affected versions.
Source: Cybersecurity & Infrastructure Security Agency