‘SolarWinds hack was known to the US Department more than six months earlier’

Spread the love

The hackers behind the attack on ICT provider SolarWinds had been spotted for over six months before the hack became public. As early as May of 2020, the US Department of Justice discovered an intrusion on its servers, but it was far from clear how large the scale was.

Wired writes from sources that the attack on SolarWinds was already noticed at the end of May of 2020 at the US Department. That attack did not become public until December of that year and caused a lot of commotion among security professionals. At the end of 2020, it became known that attackers had hacked SolarWinds, specifically network monitoring software Orion. Attackers managed to distribute an infected version of Orion to SolarWinds customers, giving attackers broad rights to their computer networks. The United States Department of Justice was one of those clients. The hackers were able to poke around the networks for months before they were discovered.

The US State Department ran a test version of Orion in May 2020. System administrators then saw that the test version connected to an unknown server. The ministry then called in security company Mandiant, which conducted further investigation. The ministry would also have called in Microsoft, but Wired’s sources do not know why that is the case. Microsoft later turned out to be a victim of the attack as well; the attackers would have had access to source code.

Mandiant and the Department contacted SolarWinds after the discovery and asked for help, suspecting a vulnerability in Orion. SolarWinds said after an investigation that the company could not find such a vulnerability. After that, the talks between the ministry and SolarWinds stopped. In July, more than a month after the discovery, the Ministry procured the final version of Orion. According to sources, the ministry said it was convinced that Orion no longer posed a threat.

The Department of Justice would have informed the US Cybersecurity and Infrastructure Agency, but not other agencies. But when the news about SolarWinds came to light in December 2020, both parties did not disclose the infection at the ministry.

You might also like
Exit mobile version