Modems, Gateways, and Networking Devices
New Member

information on impact of Solarwinds Orion breach

I am unable to locate any information regarding the SolarWinds Orion Platform breach on Comcast sites. What is the impact of SolarWinds Orion Platform on the Comcast business network? Should I be doing something to monitor for Indicators of Compromise (IOC)? I am not using SolarWinds, but can my network be compromised if Comcast SolarWinds has been breached? See https://us-cert.cisa.gov/ncas/alerts/aa20-352a (Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations). I have tried speaking to an agent and each agent sends me back to 1-800-391-3000 for assistance.

Contributor

Re: information on impact of Solarwinds Orion breach

It would be nice to have confirmation on this from Comcast. Not everyone uses SolarWinds products. Since Comcast's monitoring of their own infrastructure predates the existence of SolarWinds and has tended to be a "home grown" variety of monitoring, they are likely not affected. If you are just using Comcast for connectivity then there should not be any issue for you. If you use other services, such as their email, then it is worth asking.

0 Kudos
Reply
Member

Re: information on impact of Solarwinds Orion breach

Comcast is a SolarWinds customer according to some material SolarWinds published ahead of the breach [1]. But it is unlikely to be used to manage customer equipment like modems. So far, I have not seen anything suggesting that Comcast was affected by the backdoor.

About 18,000 SolarWinds customers downloaded the backdoored version of SolarWinds. Out of these, about 1,000 had the backdoor used (based on passive DNS data). I did not notice Xfinity/Comcast on that list [2]. For most customers, personal information like credit card data would be at risk. But in the worst case, an attacker could manipulate cable modem settings/firmware.

In some ways, Comcast, just like SolarWinds, is a supplier that could be used to attack you. I wouldn't trust Comcast to deliver lunch without stealing a couple of fries, or dropping the soda and trying to scoop it up to hide the fact. Everything outside my firewall, e.g. the Comcast modem, is considered hostile territory. No Comcast equipment or Wi-Fi is "inside" my network.

[1] https://web.archive.org/web/20201214090828/https://www.solarwinds.com/company/customers

[2] https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/

0 Kudos
Reply