INTENDED FOR WIDEST DISTRIBUTION

Critical Infrastructure Colleagues and Partners,

CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk.

Today, CISA issued a new CISA Insights in response to this threat, titled, What Every Leader Needs to Know About the Ongoing APT Cyber Activity. This CISA Insights provides information to leaders on the known risk to organizations and actions that they can take to prioritize measures to identify and address these threats.

To support our partners, CISA has a webpage to consolidate the many resources that we have released on this compromise, to include links to the Emergency Directive, our Alert on A dvanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations , and our CISA Insights. Additionally, we will include partner resources that are of value to the cyber community.

As the nation’s risk advisor, we are sharing this readiness information to help you and your team prioritize measures to identify and address this threat. We encourage you to share this publication with anyone who might be able to use it. We will continue to keep you updated as more information becomes available.

To read the latest CISA Insights , visit CISA.gov/insights. For more information on the software compromise, visit our new webpage at www.cisa.gov/supply-chain-compromise.

Respectfully,

Cybersecurity and Infrastructure Security Agency

Defend Today Secure Tomorrow