A widely impacting software supply chain cybersecurity attack was recently uncovered where a vendor with products deployed at corporations and government agencies across the globe was compromised, resulting in multiple breaches. The Cybersecurity and Infrastructure Security Agency (CISA) has identified SolarWinds Orion as one of the initial access vectors. NetApp continues to monitor the situation as it develops.
The security of both NetApp's and our customers' data is a top priority. We can confirm that NetApp products do not ship the affected SolarWinds Orion software or any components specific to SolarWinds. NetApp customers running SolarWinds Orion should review the recommendations in SolarWinds' Security Advisory and FAQ. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security Agency (CISA) Supply Chain Compromise website for new information as it develops. In addition, at this time there is no known impact to NetApp’s products, services or operations.