The US Coast Guard (USCG) published Marine Safety Information Bulletin (MSIB) 03-21 directing any owner or operator of a Maritime Transportation Security Act (MTSA)-regulated facility that relies on SolarWinds software for a system that serves or supports a critical security function to report a Breach of Security if:
- They have downloaded the trojanized SolarWinds Orion plug-in (see FBI Private Industry Notification 20201222-001); or
- They note any system with a critical security function displaying any signs of compromise, including those that may not have originated from the SolarWinds Orion compromise but utilize similar Tactics, Techniques, and Procedures (TTPs) (see Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-352A).
CISA recommends using three open-source tools, including a CISA-developed tool, Sparrow, to help detect and remediate malicious activity connected to the SolarWinds incident. Sparrow was created to detect possibly compromised accounts and applications in the Azure/Microsoft 365 environment. For guidance on the three open-source tools, see CISA AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments.