Infected SolarWinds Update was Reason for FireEye hack and US Organization

FireEye and US Department of the Treasury hacked via infected SolarWinds updates

In a statement to the US Securities and Exchange Commission (SEC), software maker SolarWinds tried to downplay the impact of the recent cyber attack on its systems.

We will remind, on Sunday, December 13, SolarWinds announced that it was the victim of a cyber attack. Hackers working for the government of an unknown country hacked into its networks and injected malware into updates to the Orion software platform, which is used to manage and monitor IT resources. According to the manufacturer's notice, the malware was embedded in Orion versions 2019.4 to 2020.2.1, released March-June 2020.

Modified firmware versions allowed hackers to deploy additional malware on SolarWinds customers' networks. In particular, the information security company FireEye , the US Department of the Treasury and the Telecommunications and Information Administration (NTIA) of the US Department of Commerce were hacked in this way . The hack of the US Department of Homeland Security, which became known on Monday, December 14, is also believed to be part of this malicious campaign.

Although it was initially believed that the incident could have affected all SolarWinds customers, according to a statement filed with the SEC, the scale of the incident is much smaller. Of the company's 300,000 customers, only 33,000 use the Orion platform, and only 18,000 have installed malicious updates. The manufacturer notified all Orion users about the incident (even those who did not install malicious updates) and provided appropriate recommendations.

On December 15, SolarWinds is to release a platform update containing code to remove any trace of malware from users' systems.

Although the manufacturer did tell how the malware got to its customers' systems, how the hackers managed to break into its own systems, SolarWinds does not reveal. However, according to a statement filed with the SEC, he learned from Microsoft that his Office 365 accounts had been hacked. SolarWinds is currently investigating whether hackers used email access to steal customer information. Whether the hacking of Office 365 accounts is related to the introduction of malicious firmware, the company does not specify.

However, despite SolarWinds' attempts to downplay the scale of the incident, the impact could be much worse than expected. According to Forbes, the company is the main contractor for the US government. In particular, SolarWinds software is used by the Cyber and Infrastructure Security Agency (CISA), Cyber Command, Department of Defense, FBI, Department of Homeland Security, etc.

Despite the large number of Orion users, according to Reuters, hackers have targeted only a limited group of the most valuable targets. For example, many system administrators found malicious platform updates on their systems, but without any signs of additional malware being deployed.