• The Four Hundred
  • SolarWinds Hack Raises Concern for IBM i Shops

    January 27, 2021 Alex Woodie

    The recently disclosed hack of the SolarWinds log management software enabled bad actors to gain access to the protected networks of numerous government agencies and private companies. It is also impacting an untold number of IBM i shops, which use SolarWinds software in not-insignificant numbers.

    In early December, Reuters broke the story of a massive and sophisticated breach of federal government computer systems that started in March 2020. According to the stories, state-backed cybercriminals exploited security flaws in at least three software vendors, including SolarWinds, Microsoft Azure, and VMware, to access private information in the target systems, and even to embed malware in product updates downloaded over the Internet.

    The bad actors conducted what’s been called a “supply chain” attack, in which exploits in one system enable attackers to infiltrate other downstream systems. Specifically, security flaws in Microsoft and VMware products allowed the attackers to access emails and other cloud-based documents stored in Office 365, which in turn enabled them to utilize federated authentication and single sign-on setups to breach more systems.

    It is believed that the attackers utilized compromised Office 365 credentials to hack an FTP site used by developers to build the SolarWinds Orion software product. The attackers then utilized this access to insert malware, called Sunburst, directly into the SolarWinds Orion product updates, thereby turning the network management product into a Trojan horse. The attackers also inserted a malicious program designed to look like the SolarWinds software, called Supernova, which was intended to give the attackers a backdoor to the networks of SolarWinds’ customers.

    SolarWinds issued a security advisory on December 31 in which it strongly encourages customers to update their Orion software to a new release that does not contain the malware. The company listed nearly 20 Orion components that were affected by the hack. This includes the Server & Application Monitor (SAM) component, which some organizations use to track IBM i server and network metrics via SNMP traps. The Network Performance Monitor (NPM) component of Orion, which also supports IBM i, is also impacted, SolarWinds says.

    The 80 or so Orion components that SolarWinds says are not impacted by the hack include Security Event Manager (SEM), which is widely used to track and correlate security data and is also known to be used by IBM i shops.

    The Department of Homeland Security issued an advisory calling on all organizations to disconnect or power down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, to block all network traffic to and from hosts, and to eliminate all accounts that are being used by the bad actors.

    Only after all vulnerabilities have been removed should users update the Orion software and begin rebuilding the systems. “Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” the DHS says.
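As an added example (not from the article, SolarWinds, or DHS), the following Python script triages an asset inventory against the version range the article attributes to the DHS advisory. The version string format, host names, and inventory entries are assumptions constructed for illustration.

```python
import re

# Affected range as stated in the article: 2019.4 through 2020.2.1 HF1, inclusive.
AFFECTED_MIN = (2019, 4, 0, 0)
AFFECTED_MAX = (2020, 2, 1, 1)

# Assumed version string shape: "YYYY.N[.P] [HF<n>]", e.g. "2020.2.1 HF1".
_VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return (year, minor, patch, hotfix), or None if the string does not match."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(version_text):
    """Label one version string: 'affected', 'outside-range', or 'review'."""
    v = parse_version(version_text)
    if v is None:
        return "review"  # unparseable: never silently treat as unaffected
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    # Outside the listed range is not the same as clean: per the quoted DHS
    # guidance, hosts monitored by an affected Orion install are treated as
    # compromised regardless of what they run themselves.
    return "outside-range"

def triage(inventory):
    """inventory: iterable of (host, version). Returns status -> list of hosts."""
    result = {"affected": [], "review": [], "outside-range": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return result

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("orion-nyc", "2019.4"),
    ("orion-chi", "2020.2.1 HF1"),
    ("orion-dal", "2020.2.1 HF2"),
    ("orion-lab", "2019.2 HF3"),
    ("orion-old", "unknown"),
    ("orion-sfo", "2020.2 hf 1"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```
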

    It’s unclear to what extent compromised SolarWinds software impacts IBM i shops and their IBM i systems. What is known is that SolarWinds’ software is widely used across many industries, and its Orion products are installed in, and actively used by, many IBM i shops.

    According to Precisely’s 2019 security survey, SolarWinds was tied as the second-most popular Security Information and Event Management (SIEM) software among IBM i shops, behind Splunk. It’s unclear how many of these IBM i shops also use SolarWinds Orion software for server or network management, but it is likely that a substantial number of them have standardized on SolarWinds, which claims to have more than 300,000 customers and revenues approaching $1 billion.

    HelpSystems President Jim Cassens said he expects some IBM i shops to move on from SolarWinds as a result of the hack. “I’m sure there are customers who will look at that and say, wow, I don’t feel good about SolarWinds implementation and we’ll look for something else,” he says.

    However, Cassens says HelpSystems won’t use the SolarWinds hack as a way to convince its customers to use HelpSystems’ own SIEM, which the company announced a few years ago and continues to develop and maintain.

    “It always bothers me if you’re trying to take advantage of a situation like that,” he says. “Win on your merits, not necessarily the bad fortune” of a competitor.

    We’re continuing to research the SolarWinds hack and will update you as new information becomes available.

TFH Volume: 31 Issue: 7
