As you may be aware, a highly sophisticated supply chain cyberattack that has successfully targeted a number of large, high profile organisations over the last year has been made public in recent days.
The attack originated with a Solarwinds (a leading IT monitoring and management provider) software system called Orion and has massive reach including organisations such as Microsoft, FireEye, and several US government departments amongst many others.
The extent of this breach is still being investigated on a global level.
At this moment, we would like to reassure our clients that we do not directly use Solarwinds Orion on any of our infrastructure. We do use other Solarwinds products and have received direct confirmation from Solarwinds that these products are in no way involved with this attack.
We continue to implement measures to assess and improve the security of our own and our clients networks and we will update this post with any pertinent updates.
If you would like further information on this topic, please follow these links for more in-depth analysis and information.
NCSC statement on the SolarWinds compromise
Analyzing Solorigate – Microsoft Security Blog
Solorigate Resource Center – Microsoft Security Response Center