The SolarWinds Security Breach

There have been no impacts on the 4U Platform.

Updated over a week ago

Background

On December 8th, 2020, the security company FireEye disclosed a breach of their internal systems. Subsequent investigations traced the breach to what is known as a "supply chain" attack, in which the perpetrators compromised a trusted 3rd party tool. In this case, the hackers were able to insert malicious code into the SolarWinds Orion® Platform. The vulnerability inserted into the Orion® Platform creates a backdoor that provides hackers access to the victim's network. The SolarWinds software was compromised on SolarWinds' servers, and any customer (including FireEye) that updated their software to the altered version became vulnerable. The 4U Platform does not use any SolarWinds products.

The full impact of this breach is still being determined, but it is believed that upwards of 18k organizations, including multiple federal government networks, may have been impacted. Many experts consider this the most significant security breach ever, and the magnitude is hard to overstate. Evidence indicates it was conducted by the Russian intelligence agency SVR and that their targets included the US Departments of State, Homeland Security, Commerce, and the Treasury, as well as the National Institutes of Health.

There is evidence suggesting that this was a focused attack by the SVR that targeted specific organizations, and that many networks that were vulnerable and could have been breached were not of interest and were ignored. However, all vulnerable organizations should assume that they were breached.

As part of the FireEye breach, the FireEye Red Team tools were stolen. It's important to note that these tools did not contain any "zero-day" exploits, meaning that all of the tools employ previously known methods. FireEye does "not believe that this theft will greatly advance the attacker’s overall capabilities." Still, the theft of the tools highlights the need for heightened and ongoing vigilance.

Was the 4U Platform directly compromised?

No. The 4U Platform does not use the SolarWinds Orion® Platform or any other SolarWinds products. As a result, our networks were not directly compromised in any fashion.

Was the 4U Platform indirectly compromised?

No. The 4U Platform operates in a secure virtual private cloud, we encrypt all of our data both at rest and in transit, and we continuously monitor our systems for malicious activity and unauthorized behavior. There are no indications of intrusions.

Have there been any service impacts on the 4U Platform as a result of the breach?

No.

Was the 4U Platform compromised by the VMware exploit?

No.

On December 7th, 2020, the US National Security Agency released a Cybersecurity Advisory warning that a flaw in VMware's virtualization software platform was being exploited by Russian state-sponsored actors. The 4U Platform does not rely on this software.

What has 4U Platform done since these breaches were disclosed?

We have reviewed our systems for unusual activity and potential vectors for attack via 3rd party vendors. We continue to follow security best practices, including continuously monitoring our networks for malicious activity and unauthorized behavior.

No unusual behaviors or access have been observed. We remain vigilant but find no evidence that we were impacted in any way by the SolarWinds breach.

We also continue to monitor updates from the cybersecurity community regarding appropriate countermeasures.
