CISA is tracking a significant cyber incident impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked. CISA urges organizations to prioritize measures to identify and address this threat.

CISA encourages individuals and organizations to refer to the resources below for additional information on this compromise. CISA also remains in regular contact with public and private sector stakeholders and international partners, providing technical assistance upon request, and making information and resources available to help those affected to recover quickly from incidents related to this campaign.

Pursuant to Presidential Policy Directive (PPD) 41, CISA, the Federal Bureau of Investigation (FBI) and the Office of the Director of National Intelligence (ODNI) have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident.

CISA released the CISA Hunt and Incident Response Program (CHIRP), a forensics collection capability outlined in Activity Alert AA21-077A and available on CISA’s CHIRP GitHub repository. This capability was developed to assist network defenders with detecting advanced persistent threat (APT) activity related to the SolarWinds and Active Directory/M365 compromise. A demonstration video is available on CISA’s YouTube channel to help agencies and organizations understand how to use CHIRP. The initial release of CHIRP scans for signs of APT compromise within an on-premises environment to detect indicators of compromise (IOCs) associated with CISA Alerts AA20-352A and AA21-008A. These resources provide information to help organizations detect and prevent this activity.