US CISA: Disconnect or power down SolarWinds Orion products immediately! The cybersecurity experts underline that at the moment this is is the only known mitigation measure currently available

Disconnect or power down SolarWinds Orion products immediately! It’s the order spread by the US Cybersecurity and Infrastructure Security Agency (CISA) to the federal agencies following the emergency directive 21-01. According the document, “SolarWinds Orion products (versions 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems”. So, “until such time as CISA directs affected entities to rebuild the Windows operating system and reinstall the SolarWinds software package, agencies are prohibited from (re)joining the Windows host OS to the enterprise domain. Affected entities should expect further communications from CISA and await guidance before rebuilding from trusted sources utilizing the latest version of the product available”. Additionally, they have to block all traffic to and from hosts, external to the enterprise, where any version of SolarWinds Orion software has been installed. And, identify and remove all threat actor-controlled accounts and identified persistence mechanisms.