Latest Update on the SolarWinds Cyber Attack

SolarWinds, a global IT monitoring specialist, reported on Sunday 12/13/20, that it had fallen victim to a “highly-sophisticated, manual supply chain attack … likely by a nation state.” This event has embroiled numerous firms and the U.S. Government.

Please note that this breach is contained to SolarWinds Orion versions 2019.4 through 2020.2.1.

How does this affect you?

If you are a MCPc client subscribed to our Managed Patching program, SolarWinds has assured us that there is no indication that any of the SolarWinds MSP products have been compromised and no disruption to your service has occurred.

MCPc is aggressively monitoring all client environments for any anomalies.

If you are a MCPc EDR/SentinelOne client, you have an exceptional added layer of defense. Please see the related SentinelOne advisory here:
https://www.sentinelone.com/blog/fireeye-breached-taking-action-and-staying-protected/

MCPc’s security team is engaged in on-going conversations with the SolarWinds tech team and will continue to monitor their advisories. If you would like additional information, please contact your MCPc Account Manager.

If you are a SolarWinds Orion customer, please learn more here:
https://www.solarwinds.com/securityadvisory
https://www.solarwinds.com/securityadvisory/faq

If you aren’t sure which version of the Orion Platform you are using, see directions here: https://support.solarwinds.com/SuccessCenter/s/article/Determine-which-version-of-a-SolarWinds-Orion-product-I-have-installed

To check which hotfix updates you have applied, please go here: https://support.solarwinds.com/SuccessCenter/s/article/Verify-hotfixes-that-have-been-installed.

Additional Resources:
https://www.crn.com/slide-shows/security/10-things-to-know-about-the-solarwinds-breach-and-its-u-s-government-impact/2