The Department of Homeland Security has ordered federal agencies to disconnect all SolarWinds Orion products and servers that may have been compromised during a long suspected Russian hack of the Treasury and Commerce departments, and have also been told to scan their networks for “malicious actors.”
“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and to secure their networks against any exploitation,” the DHS Cybersecurity and Infrastructure Security Agency said in a statement Sunday.
This order is the fifth emergency directive issued by CISA since 2015, according to Fox News.
The breach into the Treasury and Commerce department systems is believed to be connected to an intrusion at US cybersecurity firm FireEye, headquartered in California.
The hackers may have gained illegal access to the systems by piggybacking on SolarWinds Orion, a server software used by several government agencies and Fortune 500 companies, Fox reports.
The directive warned that the compromise “poses unacceptable risks to the security of federal networks.”
Fireye said its investigation into the hacking identified a “global campaign” that targeted governments and private sector businesses by installing malware into SolarWinds updates, a process that began last spring.
The malware gave hackers remote access to computer networks for months in North America, Europe, Asia and the Middle East.
SolarWinds is working with the FBI, FireEye and the US intelligence community.
“We believe that this vulnerability is the result of a highly sophisticated, targeted and manual supply chain attack by a nation-state,” SolarWinds CEO Kevin Thompson said in a statement.
Though a spokesman for the Kremlin denied Russia’s involvement, the FBI is investigating whether the Russian Foreign Intelligence Service was behind the attack.
All agencies operating SolarWinds products were required to submit a report to CISA on Monday, per the report.