VMware said in its latest announcement that its investigation confirmed that samples of the malware were also found in the SolarWinds software used by the company.
SolarWinds, a software company based in Texas, USA, mainly develops network management software. Its products are used in more than 18,000 government and enterprise organizations.
SolarWinds was infiltrated at least as early as this spring, and possibly even last fall, in a cyber attack allegedly initiated by a state-backed hacker group.
After completing the infiltration, the hackers planted a backdoor program in the SolarWinds software. As the SolarWinds software was updated, a large number of corporate internal networks were invaded by the hacker group.
Organizations confirmed to have been hacked include the US Treasury Department, the US Department of Commerce, the US Department of Energy, the US Nuclear Safety Administration, Microsoft Corporation, and Cisco.
To date, VMware has received no notification that the CVE 2020-4006 was used in conjunction with the SolarWinds supply chain compromise.
In addition, while we have identified limited instances of the vulnerable SolarWinds Orion software in our own internal environment, our own internal investigation has not revealed any indication of exploitation. This has also been confirmed by SolarWinds' own investigations to date.
VMware encourages all customers to apply the latest product updates, security patches and mitigations made available for their specific environment. VMware strongly encourages all customers to please visit VMSA-2020-0027 as the centralized source of information for CVE 2020-4006. Customers should also sign up on our Security-Announce mailing list to receive new and updated VMware Security Advisories.