IT Professionals,
Earlier this week, IT service management company SolarWinds announced that they were the victim of a cyberattack which inserted malicious code, called Sunburst [1][2], into their Orion platform by way of their software update service. Reports also indicate that Microsoft was targeted in this attack; while they do not believe their systems were directly compromised, services they provide, such as Azure Active Directory and Active Directory Federation Services, were abused to target additional organizations.
Upon installation and activation of the trojaned update, the malicious software could allow an attacker to compromise the server on which the Orion products run and access all saved network monitoring credentials. Attackers could then move laterally throughout the environment, including escalating privileges and pivoting into cloud resources. This method of inserting malicious software into a legitimate application is commonly referred to as a supply chain attack [3]. Please note that this method of pivoting to other IT resources in a network is not made possible by way of a new vulnerability; instead, it relies on attackers already having gained access to administrative accounts.
If you believe your department is running a known compromised SolarWinds product [4], or you have an Orion Platform that has not been brought to the attention of the University Information Policy and Security Offices (UIPO and UISO), please immediately contact us at it-incident@iu.edu and follow up with a call to 812-855-8476 to confirm receipt.
If you do not run any SolarWinds products, no action is needed.
Although we believe that the risk to IU is low, the UIPO, UISO, and partner units will continue monitoring for new developments. We will continue assessing our defenses in light of these ongoing cyberattacks and will take action as appropriate.
Thank you for your ongoing partnership to protect IU.
– IT Community Partnerships on behalf of The University Information Policy and Security Offices
[1] https://www.bbc.com/news/world-us-canada-55358332
[2] https://www.solarwinds.com/securityadvisory
[3] https://en.wikipedia.org/wiki/Supply_chain_attack
[4] https://www.solarwinds.com/securityadvisory/faq