As of 13 January 2021, the Australian Cyber Security Centre (ACSC) confirmed it had received a number of reports from Australian organisations advising that they were operating vulnerable versions of SolarWinds Orion. The ACSC confirmed that no follow-on compromise of an Australian organisation through SolarWinds Orion has been identified.
In a High Alert release, the ACSC recommended that organisations mitigate potentially vulnerable versions of SolarWinds Orion by applying the latest patches from SolarWinds as soon as possible. This recommendation applies to both the SUNBURST and SUPERNOVA malware.
If immediate patching is not possible, the ACSC recommends vulnerable SolarWinds Orion instances be isolated from the internet and internal network connections minimised.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also published official alerts regarding detection and mitigation of potential compromises of SolarWinds Orion, including CISA and third-party tools that may aid in the detection of follow-on compromise through SolarWinds. CISA’s information and tools are available at https://www.cisa.gov/supply-chain-compromise.
Additionally, the ACSC encourages all organisations to continually assess and apply the Essential Eight strategies to protect their systems. Information regarding the Essential Eight is available at https://www.cyber.gov.au/acsc/view-all-content/essential-eight.
The ACSC is monitoring the situation and is able to provide assistance and advice as required.