Hackers had Access to SolarWinds Email for at least 9 Months
SolarWinds CEO Sudhakar Ramakrishna said the government-backed cybercriminal group responsible for attacking the company's supply chain had access to SolarWinds' email for at least nine months.
“The hackers gained access to at least one of the Office 365 email accounts back in December 2019, and then moved on to compromise other Office 365 accounts in the company,” Ramakrishna quoted The Washington Post as saying.
As a reminder, cybercriminals carried out a trial attack back in 2019 to test their capabilities. They began distributing third-party files from SolarWinds networks back in October 2019 - five months before victims downloaded malicious updates for the Orion platform. These files were sent on October 10 and did not contain any backdoors.
It also became known that the alleged Chinese hacker group hacked into the computer systems of a number of US departments, using another vulnerability in the SolarWinds software. Cybercriminals compromised the network of the National Financial Center (NFC) under the US Department of Agriculture, which, among other things, processes payroll records for employees of more than a hundred American government agencies. NFC-maintained records contain a variety of information, including federal agency employees' social security numbers, telephone numbers, personal email addresses, and banking information.
The vulnerability is not related to a bug used to compromise SolarWinds customers in last year's attacks, allegedly Russian hackers were suspected of organizing them. The attackers used computer infrastructure and tools previously identified in Chinese cyber spy campaigns.
The results of the investigation showed that the two hacker groups carried out operations at approximately the same period, but they pursued different goals. While the alleged "Russian hackers" implemented a backdoor in the SolarWinds Orion updates, the second group exploited a separate vulnerability to propagate over already compromised networks.