SolarWinds breach: how hackers used obscure software maker to attack top US agencies
- US Homeland Security, thousands of businesses scramble after suspected Russian hack
- Texas-based tech company SolarWinds was the key stepping stone used by the hackers
At the epicentre of the most sprawling cyberattack in recent memory is a two-decade-old, Austin, Texas-based software maker called SolarWinds. While barely known outside geeky tech circles, its customer list boasts every branch of the US military and four-fifths of the Fortune 500.
Many of those customers found themselves ensnared in the attack because suspected Russian hackers inserted a vulnerability into a popular SolarWinds software product, designed to give users a bird’s-eye view of the varied web of applications that keep their operations humming.
In a filing to the US Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of as many as 18,000 of its customers. Those clients include government agencies around the globe and some of the world’s largest corporations.
The company “has been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,” according to the filing. “SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state.”
The company said it has sent mitigation steps to relevant customers and is providing an additional “hotfix” update on December 15.
APT 29, a hacking group linked to the Russian government, is suspected of being behind the breach. The Department of Commerce was breached, as were the departments of Homeland Security and Treasury, Reuters reported.