A company that provides voting systems in 28 states uses an Internet technology firm that was hacked.
Dominion Voting Systems uses SolarWinds software, according to a Dominion web page.
SolarWinds does not list Dominion on its partial customer listing but says its products and services are used by more than 300,000 customers around the world, including all five branches of the U.S. military and more than 425 of the U.S. Fortune 500.
The situation with SolarWinds software enabled hackers to gain access to the U.S. Commerce Department and, reportedly, the Treasury Department.
SolarWinds Orion products are currently being exploited by malicious actors, the Department of Homeland Security’s Cybersecurity & Infrastructure Agency (CISA) said. The tactic lets an attacker gain access to network traffic management systems.
The only known mitigation measure currently available is to disconnect affected devices, according to the agency.
SolarWinds recommended customers upgrade their Orion platform to a recent version. If customers aren’t able to upgrade immediately, they were urged to disable Internet access for the platform and limit ports and connections to only what is necessary. A patch is expected on Tuesday.
Dominion didn’t respond to a request for comment, including whether it had followed the measures recommended by either CISA or SolarWinds. Dominion also didn’t return a voicemail.
According to FireEye, a cybersecurity firm, the hackers inserted malicious code into legitimate software updates for the SolarWinds Orion software. The code enabled an attacker to gain remote access to the victim’s systems.