On December 13, news broke of an organized criminal campaign to gain access to public and private networks leveraging software provided by SolarWinds. By effectively building a back door into SolarWinds software, the hackers were able to compromise systems at the Department of Homeland Security, national security agencies, defense contractors, and potentially hundreds of other entities. Since the attack the USA Cybersecurity & Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) have issued advisories detailing the active vulnerability and advising those organizations who were impacted which actions to take.
Micro Focus has fully reviewed our product and SaaS infrastructure and have found no evidence of improper access, compromise or disclosure of customer data related to the SolarWinds incident or any related vulnerabilities.
We are of course empathetic to those customers who have been affected by the hack. We recognize that attackers are ever more sophisticated in their approaches, which is why we counsel our customers to consistently strengthen their cyber resilience and to take a comprehensive approach to Cyber Resilience and zero trust.
We take security very seriously in everything we do and develop at Micro Focus and our security team is continuing to actively inspect the Micro Focus environment and infrastructure, and monitoring the guidance from CISA and NCSC so that we can help our customers respond as more details evolve.
The Micro Focus Team