Hackers gained entry into SolarWinds networks by getting more than 18,000 private and government users to download a tainted software update. The hackers managed to monitor internal emails at some of the top agencies in the US. The hack reportedly began as early as March, when malicious code was secretly introduced into updates to popular software called Orion, made by SolarWinds. The software monitors the computer networks of businesses and governments for outages. Stiennon, who is also Chief Research Analysts at IT-Harvest believes the hack’s planning began in 2019 involving a couple of Russian groups. He notes that the group was not successful in their first attempt. However, they gained entry into the SolarWinds system after they received the signing certificate for software updates and compromised the software update server at the firm. The experts add that the hackers leverage on poor passwords to successfully gain access to the server updates and implanted the malware for about five-month. In March they then targetted the victims. The apparent months-long timeline gave the hackers ample time to extract information from targets. Watch video: Solarwinds Hacked By Russians – Cybersecurity Experts Break It Down
Hack identified by SolarWinds’s client
Notably, the breach was not discovered until one of SolarWind’s clients, FireEye, a top cybersecurity company determined that it had been compromised through software. Stiennon comments on FireEye’s transparency for being straightforward about who the suspected hackers are. Stiennon notes that: At the moment, the full extent of the hack is not yet clear. However, the experts consider the effect to be global since it has affected software that touches many parts of the impacted agencies and business.
Was government the main target?
There are various reasons why a group of hackers would target a company like SolarWinds. There is a possibility of accessing future product plans and releases, employee and customer data. The hackers can sell the information or hold it for ransom. Another school of thought considers the companies as collateral damage as the hackers’ main target was government agencies. The potential implication of the hack is evident considering the reaction by the US government’s Cybersecurity and Infrastructure Security Agency (CISA). The agency announced that every federal agency should power down its SolarWinds systems immediately. Both Lohrmann and Stiennon agree that Washington might be in crisis with the hack considering the timing of the hack. The US is undergoing a transition with President-elect Joe Biden planning to take over from Donald Trump next month.
SolarWinds is facing a potential lawsuit
Currently, SolarWinds is facing a potential lawsuit from both private customers and government entities in the breach. Notable SolarWind’s private customers include Intel, Nvidia, and Cisco. However, the company has already filed a report with the Securities and Exchange Commission detailing the hack. SolarWinds provides network-monitoring and technical services to dozens of organizations around the world. Company’s workforce stands at around 2,500. The Texas firm has most clients in North America, Europe, Asia, and the Middle East.