Monday, January 11, 2021
SOLARWINDS MALWARE NOTICE
JACKSON – The Secretary of State's Office encourages financial service registrants, particularly state-registered investment advisers and intrastate broker-dealers, to report any known issues or concerns related to the recent SolarWinds cybersecurity incident to their primary securities regulator.
In December 2020, the federal government reported SolarWinds, a vendor that provides updating and monitoring software to numerous government agencies and private companies, was the victim of a breach that caused SolarWinds Orion Network Management Products to transmit malware to many of its clients, including federal, state, and local governments, as well as other private sector entities.
The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) issued an alert that describes the threat and provides guidance on how to address it. The alert is available at the link below.
Click here to view the CISA alert.
Our office hopes this reminder will help raise awareness among state registrants and provide beneficial information and resources to those affected. Any firm with known malicious versions of the SolarWinds Orion software should contact its primary regulator. State-registered investment advisers and intrastate broker-dealers should email or call our Securities Division at 601-359-1334.