‘SolarWinds hack was known to the US ministry more than six months earlier’

The hackers behind the attack on IT provider SolarWinds had been spotted more than six months before the hack became public. As early as May 2020, the US Department of Justice discovered a breach on its servers, but it was far from clear how extensive it was.

Wired reports, citing sources, that the US ministry noticed the attack on SolarWinds at the end of May 2020. The attack only became public in December of that year and caused a lot of commotion among security professionals. In late 2020, it was announced that attackers had carried out a hack on SolarWinds, specifically on its network monitoring software Orion. The attackers were able to distribute an infected version of Orion to SolarWinds customers, which granted them extensive rights on those customers' computer networks. The U.S. Department of Justice was one of those customers. The hackers were able to poke around in the networks for months before they were discovered.

The Department of Justice ran a test version of Orion in May 2020. System administrators then saw that the test version was connecting to an unknown server. The ministry called in security company Mandiant, which conducted further investigation. The ministry is also said to have involved Microsoft, but Wired’s sources do not know why. Microsoft later also turned out to be a victim of the attack; the attackers reportedly had access to source code.

Mandiant and the ministry contacted SolarWinds after the discovery and asked for help because they suspected a vulnerability in Orion. SolarWinds said after an investigation that the company could not find such a vulnerability. After that, talks between the ministry and SolarWinds stopped. In July, more than a month after the discovery, the ministry purchased the final version of Orion. According to sources, the ministry said that it was convinced that Orion no longer posed a danger.

The Justice Department reportedly informed the US Cybersecurity and Infrastructure Agency, but not other agencies. But when the news about SolarWinds came to light in December 2020, neither side disclosed anything about the infection at the ministry.