U.S. government agencies and private organizations were hit by a “global intrusion campaign” of cyber-attacks that exploited a flaw in an update from a SolarWinds product that many stakeholders use for network management. It’s believed the breach started months ago. Some multifamily firms are likely to have been impacted and should take immediate steps to identify vulnerabilities and secure their systems.
“We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain,” cybersecurity firm FireEye said in a post late Sunday. “This compromise is delivered through updates to a widely-used IT infrastructure management software -- the Orion network monitoring product from SolarWinds.”
The breach could be the worst in many years given that SolarWinds sells products to a wide range of organization hosting highly sensitive data. The State Department, the Centers for Disease Control and Prevention, the FBI, the U.S. military, and 425 corporations out of the Fortune 500 are all listed as SolarWinds customers according to the company’s website and government data.
Government authorities are still getting a handle on the scope of the breach, its list of victims, and if the hackers are still active in victim networks. FireEye provides more details in their analysis here.
NMHC will continue to keep members apprised of data breaches that could impact the industry. To stay up-to-date on all breaches, please subscribe to NMHC Cyber Alerts here
- FCC Issues Rule Protecting Property Rights, Speeds Wireless Infrastructure Deployment
- NMHC Warns Against FCC Action to Speed Wireless Infrastructure Deployment, Harm Private Property Rights
- California Votes to Expand CCPA
- NMHC Coalition Letter to FCC Regarding Broadband Choice
- NMHC Leads Coalition in Filing Comments at the FCC Regarding Broadband Choice