SolarWinds compromised: How hackers attacked software used by US government departments

Hackers managed to compromise and instal malware on a piece of security software -– the Orion security tool developed by SolarWinds

Hacked via security software

Thousands of companies and institutions across the globe have to check if they have been hacked via security software from Texan firm SolarWinds at the heart of a cyberattack on several US government agencies.


Full gamut of military branches

Hackers managed to compromise and install malware on a piece of security software -– the Orion security tool developed by SolarWinds which is used for management and supervision of IT networks at many large companies and several US government agencies. 

Rather than attack directly clients who include top accounting firms -- but also the full gamut of military branches -- the hackers aimed to compromise the software's automatic update function.


Crypto burglars

Beyond the content of the data hacked, the break-in further allowed the crypto burglars to gain an idea of their victim's systemic structural vulnerabilities. 

The attack was discovered by cybersecurity company FireEye, which, along with SolarWinds, has pointed the finger at people linked to the Russian government.


US Treasury Department breached

Taking care only to upload stolen data in relatively small quantities, the hackers reportedly breached software used by the US Treasury Department, the Commerce Department and the Department of Homeland Security, allowing them to view internal email traffic, prompting an FBI investigation.

The software had enjoyed much commercial success based not least on its state of the art ergonomic interface.



The malware was laced into the software updates that breached network security and allowed access to data including mail, with FireEye saying the breaches began around last March. 

According to SolarWinds, 18,000 users of Orion have potentially suffered a security breach, including government agencies and Fortune 500 companies. 


Sponsored attack targeted governments

According to FireEye, what it termed a state sponsored attack targeted governments as well as leading global enterprises notably in the technology and energy sectors in North America, Europe, Asia and the Middle East.

According to Jacques de la Riviere, who runs French cybersecurity firm Gatewatcher, it is still too early to know which other firms or institutions have been infiltrated.


Finger at Russia

FireEye and Microsoft believe the attack was by a nation state and expert analysis has pointed the finger at Russia, as have anonymous US security sources. As yet, Washington has yet to give the accusation its official seal. 

These US sources have focused on an organisation known as advanced persistent threat (APT) 29, or Cozy Bear, which is believed to be linked to one or more Russian intelligence agencies and previously pirated the White House under President Barack Obama.


Stewardship of data

Jacques de la Riviere says he has responded by ramping up protection on his own servers.

Beyond that he hopes the high-profile attack will encourage firms and institutions to be more demanding when it comes to stewardship of their data and software security.

"This could be a turning point, where many clients are going to start saying 'I no longer want to purchase software that has not been certified by a third party'," he said.


Read in App