On December 14, 2020, SolarWinds Corporation reported a vulnerability within its Orion monitoring products that resulted in the distribution of a malicious “back door” (a covert method of gaining access to systems), known as “Sunburst,” on servers running the affected Orion products. SolarWinds advised that the vulnerability affected only certain versions of its Orion products, and only if they had been installed or updated between March and June of 2020.
CURRENT STATUS 12/22/20:
Broadcom does not use SolarWinds Orion software in its corporate IT environment or in the networks that support Broadcom’s software-as-a-service (SaaS) solutions.
Prior to March 2020, Broadcom did use SolarWinds Orion, before replacing it with its own network monitoring software. Broadcom has inspected its IT infrastructure for any instances of installed Orion software as well as for the latest known indicators of compromise associated with the Sunburst backdoor. We are also conducting assessments of our own IT vendors to determine any relevant exposure by those vendors.
At this time, we believe Broadcom has no significant exposure to the Sunburst malware. The malware has been detected in fewer than ten machines, all of which were in laboratory environments that were logically isolated from the corporate network or SaaS platforms. All of these lab systems have been decommissioned. No other presently known indicators of compromise have been detected in any Broadcom environments.
We are aware of public reports indicating that “Symantec” may have been a customer of SolarWinds, but note that Broadcom acquired the assets, not the IT infrastructure, of the former Symantec Corporation and integrated the Symantec Enterprise Business into Broadcom’s IT infrastructure in November 2019.
Broadcom's security teams, including Symantec's threat hunter teams, will continue to closely monitor the situation and will provide updates to this Knowledge Base article if necessary.
*****
Please visit the Symantec Enterprise Blogs for expert analysis of threats from the SolarWinds attacks.