123RF

Financial firms that have been impacted by the SolarWinds cyber breach should be reporting to regulators, said the North American Securities Administrators Association (NASAA).

Last month, it was revealed that U.S. software firm SolarWinds suffered a cybersecurity breach that resulted in malware being distributed to its clients through “trojanized” software updates.

So NASAA, the umbrella group of U.S. state and provincial regulators, has issued an alert calling on firms to report “any known issues” related to the SolarWinds cybersecurity incident to their primary regulators.

NASAA said that its warning is intended to raise awareness among registered firms and to help affected firms “to recover quickly and protect their clients and colleagues.”

The victims of the malware attack included government agencies and private-sector firms.

Earlier this week, the U.S. Department of Justice (DoJ) issued a statement that indicated that it had discovered malicious activity in its email systems connected to the SolarWinds breach.

Last month, the Canadian Centre for Cyber Security issued alerts warning that government agencies and other organizations in Canada may be affected by the incident, too.

“The SolarWinds Orion vulnerability and associated compromises are far reaching, and it is important that organizations perform thorough analysis of their networks to ensure the malicious actors have been removed from both the initial point of compromise and any systems potentially impacted,” that centre said in one such alert.