IT Company SolarWinds Identified as Potential Source of Major Government Agency Hack

Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code being pushed to almost 18,000 customers of its Orion platform. A year later, a hack at the U.S. government's personnel office blamed on China compromised the personal information of some 22 million current, former and prospective federal employees, including highly sensitive data such as background investigations.

The discovery of the attack on SolarWinds' Orion products came just days after the cybersecurity firm FireEye announced it had been the target of a cyberattack.

The incident comes less than a week after cyber security firm FireEye disclosed that its hacking tools had been stolen in a breach.

Many experts suspect the Russian Federation is responsible. Buchanan called the hacking incident "impressive, surprising and alarming".

FireEye, a top cybersecurity firm that was also breached, discovered through its own investigation that SolarWinds had been compromised.

Notable SolarWinds clients include several U.S. federal agencies, including the Pentagon, NASA, the Department of Justice, and the Office of the President of the United States. "SolarWinds products have always been reliable". The compromised product accounts for almost half the company's annual revenue, which totaled $753.9 million over the first nine months of this year. Its centralized monitoring looks for problems in an organization's computer networks, which means that breaking in gave the attackers a "God-view" of those networks.

The trojanized update is being tracked by FireEye as "Sunburst". The hack appears similar to the recent breach of FireEye, a well-known cybersecurity firm in the country, which showed the same attack pattern.

"If that is not possible, SolarWinds recommends ensuring Orion servers are isolated by limiting the ports and connections to only what is necessary, and disabling internet access to Orion servers".

The hackers would also have had to want to target the organization.

"They also infected telecoms and other company networks".

"The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks", said CISA acting Director Brandon Wales.

Mandia said there was no indication they got customer information from the company's consulting or breach-response businesses or threat-intelligence data it collects.

SolarWinds said it was advised that an "outside nation state" infiltrated its systems with malware. The 10 leading U.S. telecommunications companies and the top five U.S. accounting firms are also SolarWinds customers.

One U.S. government official told The Associated Press Monday that Russian hackers are suspected.

Kremlin spokesman Dmitry Peskov denied that the Russian Federation was involved. "If for many months the Americans couldn't do anything about it, then, probably, one shouldn't unfoundedly blame the Russians for everything".

Ben Buchanan is an expert on cyberattacks at Georgetown University in Washington D.C. He wrote the book "The Hacker and The State".

In a radio interview Monday, Secretary of State Mike Pompeo appeared to acknowledge Russia's involvement in the hack and vowed that the Trump administration would work to protect sensitive information from falling into the wrong hands.

"I think that contributes to Russia's bravado", he said.

SolarWinds CEO Kevin Thompson said in a statement that the company believes that products it released in March and June of this year were modified in a "highly-sophisticated, targeted and manual supply chain attack by a nation state".