![](https://pbs.twimg.com/media/EpLTrAiWEAAmzhw.jpg)
FLASH: "Emergency Directive 21-01 calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately."-@CISAgov Read more:
![](https://pbs.twimg.com/media/EpLTrAiWEAAmzhw.jpg)
The attackerโs use multiple techniques to evade detection/obscure activity. The campaign is widespread affecting public & private organizations around the world.
![](https://pbs.twimg.com/media/EpLVRwpXYAExa09.jpg)
![](https://pbs.twimg.com/media/EpLZUUdXYAImkdF.jpg)
-Restrict scope of connectivity to endpoints from SolarWinds servers!
-Restrict the scope of accounts that have local administrator privileged on SolarWinds servers!
.... more
-Block Internet egress from servers or other endpoints with SolarWinds software.
-At MINIMUM changing passwords for accounts that have access to SolarWinds servers / infrastructure.
....more
-Review network device configurations for unexpected / unauthorized modifications. This is a proactive measure due to the scope of SolarWinds functionality.
-425+ of US Fortune 500 co's
-All of top 10 US telecom co's
-All 5 branches US Military
-Pentagon
-State Department
-NASA
-NSA
-USPS
-NOAA
-DOJ
-Office of POTUS
-Top 5 US accounting firms
-100's universities/colleges
List: https://t.co/N202UZdyjC