SolarWinds Software is Being Actively Exploited

SolarWinds and FireEye have reported active exploitation, possibly dating back to the Spring of this year, in the form of a global intrusion campaign directed at the SolarWinds Orion Platform. The affected software versions are 2019.4 HF5 through 2020.2 (with no hotfix installed), and 2020.2 HF1.

The victims appear to be numerous public and private organizations worldwide. Victims were targeted with trojanized updates of SolarWinds’ Orion IT monitoring and management software. The trojanized component is digitally signed and contains a backdoor that communicates with third-party servers controlled by malicious actors. FireEye tracks this component as SUNBURST.

The threat is ongoing. FireEye’s GitHub page contains detection countermeasures.