{"id":38716,"date":"2020-12-15T20:21:00","date_gmt":"2020-12-15T20:21:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/solarwinds-trojan-affected-enterprises-must-use-hot-patches-isolate-compromised-gear\/"},"modified":"2020-12-15T20:21:00","modified_gmt":"2020-12-15T20:21:00","slug":"solarwinds-trojan-affected-enterprises-must-use-hot-patches-isolate-compromised-gear","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-trojan-affected-enterprises-must-use-hot-patches-isolate-compromised-gear\/","title":{"rendered":"SolarWinds Trojan: Affected enterprises must use hot patches, isolate compromised gear"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2014\/09\/security_privacy_hacker_crime_thief_steal_data_information_digital_criminal_breach_binary_code_danger_safety_password-100411670-large.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Hot patching and isolating potentially affected resources are on the IT response schedule as enterprises that employ SolarWinds Orion network-monitoring software look to limit the impact of <a href=\"https:\/\/www.csoonline.com\/article\/3601508\/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\">the serious Trojan unleashed on the platform<\/a>.<\/p>\n<p>The supply-chain attack, reported early this week by <a href=\"https:\/\/www.reuters.com\/article\/us-usa-solarwinds-breakingviews-idUSKBN28O2II\" rel=\"nofollow\">Reuters<\/a> and detailed by security researchers at <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html\" rel=\"nofollow\">FireEye<\/a> and <a href=\"https:\/\/msrc-blog.microsoft.com\/2020\/12\/13\/customer-guidance-on-recent-nation-state-cyber-attacks\/\" rel=\"nofollow\">Microsoft<\/a>, involves a potentially state-sponsored, sophisticated actor that gained access to a wide 
variety of government, public and private networks via Trojanized updates to SolarWinds\u2019 Orion network monitoring and management software. This campaign may have begun as early as spring 2020 and is ongoing, according to FireEye and others.<\/p>\n<p>\u201cSolarWinds confirmed that less than 18,000 of its 300,000 customers have downloaded the compromised update,\u201d stated researchers at Cisco\u2019s security research arm <a href=\"https:\/\/blog.talosintelligence.com\/2020\/12\/solarwinds-supplychain-coverage.html\" rel=\"nofollow\">Talos<\/a>. \u201cStill, the effects of this campaign are potentially staggering, with the company&#8217;s products being used by several high-value entities. Victims reportedly include government agencies and consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East, according to FireEye. Several reports also indicate that the US Treasury and Commerce departments were also targeted in what is likely related to the same activity.\u201d<\/p>\n<p>In response to the attack, <a href=\"https:\/\/www.solarwinds.com\/securityadvisory\" rel=\"nofollow\">SolarWinds has issued one hot patch<\/a> and another is expected today. As of this publication, SolarWinds stated: \u201cAn additional hotfix release,&nbsp;2020.2.1 HF 2, is anticipated to be made available Tuesday, December 15, 2020. 
We recommend that all customers update to release Orion Platform 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component&nbsp;and&nbsp;provides several additional security enhancements.\u201d<\/p>\n<p>\u201cWe have scanned the code of all our software products for markers similar to those used in the attack on our Orion Platform products and we have found no evidence that other versions of our Orion Platform products or our other products contain those markers. As such, we are not aware that other versions of Orion Platform products have been impacted by this security vulnerability. Other non-Orion Platform products are also not known by us to be impacted by this security vulnerability,\u201d SolarWinds said in its advisory.<\/p>\n<p>Experts say customers have a number of options in dealing with the Trojan.<\/p>\n<p>\u201cIsolation is the strategy we are advocating to clients right now,\u201d said John Pironti, president of the IP Architects consultancy. \u201cMost of what SolarWinds does is monitoring, not necessarily a core network service, so isolating those resources is less impactful. The complication would be in enterprises that have deep automation features; that would be harder to isolate for longer periods of time.\u201d<\/p>\n<p>The problem is that hot fixes are not patches, so there\u2019s going to be one today and maybe another on Friday, so enterprises have to keep making changes that might impact other resources, Pironti said. 
\u201cWhat\u2019s needed is a fully vetted patch.\u201d<\/p>\n<p>The government\u2019s Cybersecurity and Infrastructure Security Agency took its warnings further by instructing federal agencies via <a href=\"https:\/\/cyber.dhs.gov\/ed\/21-01\/\" rel=\"nofollow\">Emergency Directive 21-01<\/a> to \u201cimmediately disconnect or power down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, from their network.\u201d<\/p>\n<p>\u201cUntil such time as CISA directs affected entities to rebuild the Windows operating system and reinstall the SolarWinds software package, agencies are prohibited from (re)joining the Windows host OS to the enterprise domain. Affected entities should expect further communications from CISA and await guidance before rebuilding from trusted sources utilizing the latest version of the product available. Additionally, agencies should block all traffic to and from hosts, external to the enterprise, where <em>any version of<\/em> SolarWinds Orion software has been installed.&nbsp; In addition identify and remove all threat actor-controlled accounts and identified persistence mechanisms.\u201d<\/p>\n<p>Other mitigations are also recommended. For example, Microsoft suggested:<\/p>\n<ul>\n<li>Run up to date antivirus or EDR products that detect compromised SolarWinds libraries and potentially anomalous process behavior by these binaries. Consider disabling SolarWinds in your environment entirely until you are confident that you have a trustworthy build free of injected code.<\/li>\n<li>Block known [command-and-control] endpoints in [indicators of compromise] using your network infrastructure.<\/li>\n<li>Follow the best practices of your identity-federation technology provider in securing your SAML token signing keys. 
Consider hardware security for your SAML token signing certificates if your identity-federation technology provider supports it.<\/li>\n<li>Ensure that user accounts with administrative rights follow best practices, including use of privileged access workstations, JIT\/JEA, and strong authentication. Reduce the number of users that are members of highly privileged Directory Roles, like Global Administrator, Application Administrator, and Cloud Application Administrator.<\/li>\n<\/ul>\n<p>CISA recommended \u201creimaging system memory and\/or host operating systems hosting all instances of SolarWinds Orion versions 2019.4 through 2020.2.1 HF1, and analyze for new user or service accounts, as well as identifying the existence of &#8220;SolarWinds.Orion.Core.BusinessLayer.dll&#8221; and &#8220;C:\\WINDOWS\\SysWOW64\\netsetupsvc.dll.&#8221;&nbsp; It also said to reset credentials used by SolarWinds software and implement a rotation policy for these accounts. Require long and complex passwords.<\/p>\n<p>Supply chain attacks are nothing new, though they are becoming more sophisticated and perhaps more damaging, Pironti said.<\/p>\n<p>A <a href=\"https:\/\/www.csoonline.com\/article\/3191947\/supply-chain-attacks-show-why-you-should-be-wary-of-third-party-providers.html\">recent article from CSO<\/a> noted major cyber breaches caused by suppliers: &nbsp;The 2014 <a href=\"https:\/\/www.csoonline.com\/article\/2601021\/security0\/11-steps-attackers-took-to-crack-target.html\">Target breach<\/a> was caused by lax security at an HVAC vendor. 
<a href=\"https:\/\/www.csoonline.com\/article\/3223232\/data-breach\/what-is-the-biggest-threat-from-the-equifax-breach-account-takeovers.html\">Equifax<\/a> blamed its giant 2017 breach on a flaw in outside software it was using.<\/p>\n<p>\u201cSupply chain compromises can expose an organization&#8217;s internal networks and data, and prevention, detection, and mitigation require mature, cross-functional security capabilities,\u201d said Matt Ashburn, Head of Strategic Initiatives for security vendor Authentic8 in a statement.&nbsp; \u201cMitigation and detection of supply chain threats require concerted coordination among traditionally disparate teams, including procurement, logistics, compliance, and security teams.\u201d<\/p>\n<p>Analysts with KuppingerCole suggested a strategic action plan for overall supply chain security. John Tolbert, lead analyst and managing director of KuppingerCole, said customers should start focusing on supply chain security, specifically: &nbsp;<\/p>\n<ul>\n<li>Don\u2019t whitelist security tools from anti-malware scans&nbsp;<\/li>\n<li>Don\u2019t whitelist purported IPs\/URLs of security vendor clouds from NTA\/NDR scans&nbsp;<\/li>\n<li>Update business processes<\/li>\n<li>Expect new regulations to address supply chain cybersecurity&nbsp;<\/li>\n<li>Make threat hunting an ongoing activity (if you don\u2019t have the tools for this, get them)&nbsp;<\/li>\n<li>Avoid using passwords anywhere. 
Use multifactor authentication&nbsp;wherever possible<\/li>\n<li>Use privileged access management for all admin and service accounts&nbsp;<\/li>\n<\/ul>\n<p> READ MORE <a href=\"https:\/\/www.networkworld.com\/article\/3601568\/solarwinds-trojan-affected-enterprises-must-use-hot-patches-isolate-compromised-gear.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\nHot patching and isolating potentially affected resources are on the IT response schedule as enterprises that employ SolarWinds Orion network-monitoring software look to limit the impact of the serious Trojan unleashed on the platform. The supply-chain attack, reported early this week by Reuters and detailed by security researchers at FireEye and Microsoft, involves a potentially state-sponsored, sophisticated actor that gained access to a wide variety of government, public and private networks via Trojanized updates to SolarWinds\u2019 Orion network monitoring and management software. 
This campaign may have begun as early as spring 2020 and is ongoing, according to FireEye and others.<\/p>\n","protected":false},"author":2,"featured_media":38717,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[2767,762,307],"class_list":["post-38716","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-network-monitoring","tag-networking","tag-security"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=38716"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/38716\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/38717"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=38716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=38716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=38716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}