Recently, SolarWinds issued a security advisory concerning an attack and compromise of their Orion IT monitoring platform. From the information disclosed, SolarWinds’ Orion IT monitoring platform was victim to a supply chain attack where malicious code was inserted inside of the SolarWinds product and distributed to SolarWinds customers.
This attack affects specific versions of the SolarWinds Orion Platform. Kaseya does not utilize any SolarWinds products and there is no evidence that Kaseya or any of our products are affected.
In addition to our ongoing security practices to regularly validate our processes and environment, when any new industry compromise is made known to us, we take steps to conduct an out-of-cycle review of our systems, processes, and code based on this newly available information in order to ensure the continued security of our products.
Details on the SolarWinds Attack are available at the links below:
SolarWinds Advisory - https://www.solarwinds.com/securityadvisory
Fire Eye - https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html