I am unable to locate any information regarding the SolarWinds Orion Platform breach on Comcast sites. What is the impact of the SolarWinds Orion Platform on the Comcast business network? Should I be doing something to monitor for Indicators of Compromise (IOC)? I am not using SolarWinds, but can my network be compromised if Comcast's SolarWinds has been breached? See https://us-cert.cisa.gov/ncas/alerts/aa20-352a (Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations). I have tried speaking to an agent and each agent sends me back to 1-800-391-3000 for assistance.
It would be nice to have confirmation on this from Comcast. Not everyone uses SolarWinds products. Since Comcast's monitoring of their own infrastructure predates the existence of SolarWinds and has tended to be a "home grown" variety of monitoring, they are likely not affected. If you are just using Comcast for connectivity then there should not be any issue for you. If you use other services, such as their email, then it is worth asking.
Comcast is a SolarWinds customer according to some material SolarWinds published ahead of the breach. But it is unlikely to be used to manage customer equipment like modems. So far, I have not seen anything suggesting that Comcast was affected by the backdoor.
About 18,000 SolarWinds customers downloaded the backdoored version of SolarWinds. Out of these, about 1,000 had the backdoor used (based on passive DNS data). I did not notice Xfinity/Comcast on that list. For most customers, personal information like credit card data would be at risk. But in the worst case, an attacker could manipulate cable modem settings/firmware.
In some ways, Comcast, just like SolarWinds, is a supplier that could be used to attack you. I wouldn't trust Comcast to deliver lunch without stealing a couple of fries, or dropping the soda and trying to scoop it up to hide the fact. Everything outside my firewall, e.g. the Comcast modem, is considered hostile territory. No Comcast equipment or Wi-Fi is "inside" my network.