Last week, software company SolarWinds was compromised when hackers inserted malicious code into an updated version of its software, Orion. Around 18,000 SolarWinds customers installed the update onto their systems. Many are speculating that the hack was engineered by the Russian government.
The software, Orion, allows customers to see what’s happening on their computer networks. With the malicious code installed, hackers have insight into the 18,000 systems that installed the tainted updates. The after-effects and scale are continuing to grow.
In a joint statement last week, US national security agencies called the attack a “significant and ongoing hacking campaign” that’s affecting the federal government. It is still unclear how many agencies have been affected or what information hackers are aiming to steal.
The attack is known as a supply-chain attack because it infects software while it’s being assembled. It involved packaging malware inside a trusted piece of software, so instead of using phishing campaigns to mislead companies into downloading malware, the attackers had it installed while customers relied on a trustworthy partner.
Microsoft president Brad Smith called the attack “an act of recklessness” and said, “This is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.”
Though it is currently unclear what information is being targeted, it has been confirmed that the US Homeland Security, State, Commerce, and Treasury Departments were affected by the malware.
Additionally, several private companies were hit with the malware, including Microsoft, Cisco, Nvidia, VMware, and Belkin, according to the Wall Street Journal. SolarWinds’s customer list also includes AT&T, Procter & Gamble and McDonald’s, but it is unclear if these customers have been infected.
More recently, evidence has been unearthed that a second attack has been executed. Hackers also planted a .NET web shell named Supernova, which also appears in SolarWinds’s Orion software.
We will continue to update this story as new information is uncovered.