Skip to main content
NetApp Knowledge Base

NetApp’s response to customers regarding the SolarWinds Threat

not set
Last Updated:

Applies to

SolarWinds Threat


  • A widely impacting software supply chain cybersecurity attack was recently uncovered where a vendor with products deployed at corporations and government agencies across the globe was compromised, resulting in multiple breaches. The Cybersecurity and Infrastructure Security Agency (CISA) has identified SolarWinds Orion as one of the initial access vectors. NetApp continues to monitor the situation as it develops.

  • The security of both NetApp's and our customers' data is a top priority. NetApp products do not ship the affected SolarWinds Orion software or any components specific to SolarWinds. NetApp customers running SolarWinds Orion should review the recommendations in SolarWinds' Security Advisory and FAQ. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security Agency (CISA) Supply Chain Compromise website for new information as it develops.

  • Upon notice of the SolarWinds Orion Platform software compromise, the NetApp Security team initiated investigations in accordance with our incident response processes. NetApp followed the guidance issued to all SolarWinds customers in addition to following our internal processes for investigation, forensics analysis, and threat mitigation. NetApp will continue to remain vigilant regarding all aspects of this challenging and evolving situation.

For updates on NetApp's investigation and answers to common questions, refer the following link:

The above link should be considered the single source of current, up-to-date, authorized, and accurate information from NetApp.

Additional Information