Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions

What You Should Know About the SolarWinds Nation-State Hack

Those of us in the IT community have likely heard that within the past two weeks, government agencies and private enterprises alike have suffered major information security breaches. At this time it has become clear that a sophisticated attack group, likely one associated with a nation-state such as Cozy Bear, is the probable culprit.

Lunavi has received numerous inquiries about our possible exposure to the supply chain vulnerabilities behind these attacks. We do not believe any of our systems are at risk. We have active tickets open with relevant partners and are keeping a close eye on the situation as it develops.

While our team is prepared to execute remediation efforts should they be required, your staff and leadership should also be aware of the full extent of this significant hack. Even if you are unaffected, this is a reminder that now is always the best time for a security audit.

Are Lunavi systems at risk?

Lunavi does not utilize the vulnerable Orion software but we do utilize N-Central software from SolarWinds. At this time, we have confirmed we are not impacted on version 2020.1.2.326 (2020.1HF2) and the older compromised version is We are in touch with SolarWinds and will be monitoring the situation as it continues to evolve.

What is the extent of the hacks?

On December 8th,  information security software vendor FireEye reported a likely nation-state hack accessing infosec assessment tools which mimic cyber threat vectors. While the company did not report any evidence of the tools being used, it has come to light that this hack was perpetrated using compromised SolarWinds Orion network management software.

This software has apparently been used to breach numerous private companies and public agencies as large as the Treasury Department, the Pentagon, and the Department of Energy.

The full extent of the hack is not totally known, but the software is used by tens of thousands. The compromised software update used for the hack was distributed in March of 2020.

How were the hacks executed?

This is what is known as a supply chain attack, which intercepts legitimate software pipelines and injects malicious code. For users, the software package appears legitimate. In this specific case, the hackinggroup was able to get into SolarWinds development operations and insert malware in a software update.

Initial analysis reveals the attack processes used to access SolarWinds systems were highly sophisticated and potentially novel.

Once the compromised software is installed, hackers can execute code, sniff passwords, and compromise additional machines within the network.

What can I do if my systems are at risk?

Of course, this only applies if you are running a SolarWinds Orion product. You can view a helpful advisory of the affected versions here.

In addition to patching your SolarWinds products to the latest version, you should activate your incident response protocols and begin investigative forensics and remediation as needed.

CISA and DHS have provided a list of mitigation actions to take, including:

How can I be better prepared for cyberattacks?

Large scale attacks always serve as a strong reminder to bolster your information security posture. With this attack, you should implement a third-party risk management program to assess and monitor your vendors and software.

Your complete approach to information security should also include strong password policies including multi-factor authentication, regular user training and testing on common attack methods such as phishing, and security information and event management (SIEM) tools with visibility across your entire IT infrastructure and user devices.

If you need assistance executing any aspect of your infosec strategy, Lunavi would be happy to help you identify the right combination of tools and processes to strengthen your protection and response capabilities.

Recent Blog Posts

lunavi logo alternate white and yellow
Building Your Cloud Foundation Part 1: Core Configuration & Governance

This first area of focus establishes your cloud policy, or the way your organization consumes and manages cloud resources. Learn how to establish proper scope and mitigate tangible risks through corporate policy and standards.

Learn more
lunavi logo alternate white and yellow
Lunavi Proves Commitment to Channel Partners, Customers with CRN Elite 150

While industry recognition such as the MSP 501 is validating, the most rewarding part of my work in the channel is hearing from partners and their clients about the success they have with these types of engagements.

Learn more
lunavi logo alternate white and yellow
More Than Just Another Partnership, the Azure Expert MSP Is a Unique Source of Pride

As a founder and leader at Lunavi, I’ve seen our organization achieve a lot of big things. That said, achieving the distinction of Azure Expert MSP stands out.

Learn more