CSE warns companies to check IT systems following SolarWinds hack

Canada's cybersecurity force is warning companies using SolarWinds' Orion platform to check their computer networks for malicious activity following a massive hacking campaign that is believed to have compromised government agencies and companies in several countries.

Government agencies, organizations in Canada and abroad believed to be affected, cybersecurity force says

The SolarWinds logo is seen outside its headquarters in Austin, Texas on Dec. 18, 2020. (Sergio Flores/Reuters)

Canada's cybersecurity unit is urging Canadian users of SolarWinds' Orion software to investigate whether their systems have been compromised in a "far reaching" hack revealed earlier this month.

The Canadian Centre for Cyber Security said in an alert released Thursday, "It is believed that government agencies and a variety of organizations in Canada and abroad may be affected" by the hack, which was "carried out by a highly sophisticated threat actor."

The centre, which is a unit of the Communications Security Establishment, one of Canada's key security and intelligence organizations, did not specify which organizations or government entities may have been affected by the hack.

Last week, Shared Services Canada, which manages much of the government's IT infrastructure, told CBC News it had no indication its infrastructure had been compromised. The Department of National Defence said it did not use the affected platform.

Shared Services did not respond to a request for comment Thursday. In a statement to CBC News, the Canadian Centre for Cyber Security said it continues to assess the situation and is working with government partners to make sure those systems are secure. The centre said it did not have anything to add on potential victims of the hack.

In its alert, the Canadian Centre for Cyber Security said it "has been working within the community to identify affected systems and notified Canadian system owners where possible. The impact on these compromised systems remains unidentified, but analysis is ongoing."

U.S. authorities, including Secretary of State Mike Pompeo, have blamed the attack, in which several U.S. government departments and agencies were breached, on Russian actors. The Russian government denies involvement, and President Donald Trump contradicted Pompeo late last week by suggesting China may be culpable.

The attack is believed to have started in the spring, and used a network monitoring software platform called Orion, created by the firm SolarWinds. By compromising that platform, the attackers were able to insert malware into the systems of SolarWinds' clients. SolarWinds has said approximately 18,000 clients may be affected globally.

"The SolarWinds Orion vulnerability and associated compromises are far reaching, and it is important that organizations perform thorough analysis of their networks" to ensure they are not compromised, the CSE said in its alert.

The alert goes on to outline technical details of how to identify and mitigate systems which may be compromised by the hack.

On Wednesday, the Cybersecurity and Infrastructure Security Agency, the U.S. cybersecurity agency, said the hack was having an impact on state and local governments.


Christian Paas-Lang covers federal politics for CBC News in Ottawa as an associate producer with The House and a digital writer with CBC Politics. You can reach him at christian.paas-lang@cbc.ca.