The State Security Office has been notified by the Cybersecurity and Infrastructure Security Agency (CISA) that some versions of a system monitoring software the state uses are being exploited by “malicious actors.”
Those malicious actors are believed to be Russian spies, or foreign intelligence workers, as they are being called. SolarWinds Orion products have been attacked by Russian hackers all over the United States.
On Monday, all State of Alaska departments that have SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, on their network were instructed to immediately disconnect or power down the products from their networks.
The State Security Office said that until it gets the Windows operating system rebuilt and reinstalls the patched SolarWinds software, departments are prohibited from rejoining the Windows host operating system to the “enterprise domain.”
Additionally, information technology officers in the State of Alaska have been instructed to block all traffic to and from hosts, external to the enterprise, where any version of the SolarWinds Orion software has been installed.
On Sunday, CISA issued Emergency Directive 21-01, which calls on all federal civilian agencies to review their networks for signs of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
Since at least March, Russian hackers have inserted malicious updates into IT management platforms, hitting the U.S. Departments of Commerce, Treasury, and Homeland Security, as well as a security firm called FireEye.
SolarWinds has hundreds of thousands of clients. On Monday, the company told the Securities and Exchange Commission that at least 18,000 were potentially attacked.
Attackers used Orion software as a door into computer systems, where they were able to steal administrative tokens and then move in and out of the systems with data.
The attacks were first reported by Reuters on Sunday.
SolarWinds said in a statement that hackers had managed to alter the versions of Orion, a network monitoring tool, that were released in March and June.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” SolarWinds wrote.