Copyright: Bennian
U.S. government agencies and private organizations were hit by a “global intrusion campaign” of cyber-attacks that exploited a flaw in an update from a SolarWinds product that many stakeholders use for network management. It’s believed the breach started months ago. Some multifamily firms are likely to have been impacted and should take immediate steps to identify vulnerabilities and secure their systems.
“We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain,” cybersecurity firm FireEye said in a post late Sunday. “This compromise is delivered through updates to a widely-used IT infrastructure management software -- the Orion network monitoring product from SolarWinds.”
The breach could be the worst in many years given that SolarWinds sells products to a wide range of organization hosting highly sensitive data. The State Department, the Centers for Disease Control and Prevention, the FBI, the U.S. military, and 425 corporations out of the Fortune 500 are all listed as SolarWinds customers according to the company’s website and government data.
Government authorities are still getting a handle on the scope of the breach, its list of victims, and if the hackers are still active in victim networks. FireEye provides more details in their analysis here.
NMHC will continue to keep members apprised of data breaches that could impact the industry. To stay up-to-date on all breaches, please subscribe to NMHC Cyber Alerts here
Related Articles
- NMHC-NAA Statement for Senate Commerce Hearing on AI & Data Privacy
- Real Estate Coalition Letter to CISA on CIRCIA/Cyber Disclosure Rule
- NMHC-NAA Statement for House Committee on Energy and Commerce on the American Privacy Rights Act
- NMHC-NAA Statement for Senate Commerce Subcommittee Hearing on Data Privacy
- NMHC-NAA Statement for House Appropriations Subcommittee Hearing on Bulk Billing