Skip to content

Cybersecurity experts breakdown how Russians hacked SolarWinds’ systems

Cybersecurity experts breakdown how Russians hacked SolarWinds' systems

Cybersecurity experts Dan Lohrmann and Richard Stiennon have issued a breakdown on the hack involving Solarwinds networking software. The company’s software is used mainly by the United States government alongside the Fortune 500 companies. Therefore, the hack is being named as “the biggest hack of the US government” in years.

Hackers gained entry into SolarWinds networks by getting more than 18,000 private and government users to download a tainted software update. The hackers managed to monitor internal emails at some of the top agencies in the US.

The hack reportedly began as early as March, when malicious code was secretly introduced into updates to popular software called Orion, made by SolarWinds. The software monitors the computer networks of businesses and governments for outages.

Stiennon, who is also Chief Research Analysts at IT-Harvest believes the hack’s planning began in 2019 involving a couple of Russian groups. He notes that the group was not successful in their first attempt. 

However, they gained entry into the SolarWinds system after they received the signing certificate for software updates and compromised the software update server at the firm.

The experts add that the hackers leverage on poor passwords to successfully gain access to the server updates and implanted the malware for about five-month. In March they then targetted the victims. The apparent months-long timeline gave the hackers ample time to extract information from targets. 

Watch video: Solarwinds Hacked By Russians – Cybersecurity Experts Break It Down

Hack identified by SolarWinds’s client

Notably, the breach was not discovered until one of SolarWind’s clients, FireEye, a top cybersecurity company determined that it had been compromised through software. 

Stiennon comments on FireEye’s transparency for being straightforward about who the suspected hackers are. Stiennon notes that:

“So FireEye immediately was completely transparent, told us all about it, attributed the attack to the Russians, or at least gave us enough indicators that we knew who they’re talking about. And then, released indicators of compromise digital signatures for all of their tools. So you can immediately update your security…So basically, the Russian hackers were sitting on these networks, grabbing information, supposedly listening to emails on office 365 and other servers, and owning state parts of the state department.”

At the moment, the full extent of the hack is not yet clear. However, the experts consider the effect to be global since it has affected software that touches many parts of the impacted agencies and business.

Was government the main target?

There are various reasons why a group of hackers would target a company like SolarWinds. There is a possibility of accessing future product plans and releases, employee and customer data. The hackers can sell the information or hold it for ransom. 

Another school of thought considers the companies as collateral damage as the hackers’ main target was government agencies. The potential implication of the hack is evident considering the reaction by the US government’s Cybersecurity and Infrastructure Security Agency (CISA). The agency announced that every federal agency should power down its SolarWinds systems immediately.

Both Lohrmann and Stiennon agree that Washington might be in crisis with the hack considering the timing of the hack. The US is undergoing a transition with President-elect Joe Biden planning to take over from Donald Trump next month.

SolarWinds is facing a potential lawsuit

Currently, SolarWinds is facing a potential lawsuit from both private customers and government entities in the breach. Notable SolarWind’s private customers include Intel, Nvidia, and Cisco. However, the company has already filed a report with the Securities and Exchange Commission detailing the hack.

SolarWinds provides network-monitoring and technical services to dozens of organizations around the world. Company’s workforce stands at around 2,500. The Texas firm has most clients in North America, Europe, Asia, and the Middle East.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account? Sign In

Disclaimer: The information on this website is for general informational and educational purposes only and does not constitute financial, legal, tax, or investment advice. This site does not make any financial promotions, and all content is strictly informational. By using this site, you agree to our full disclaimer and terms of use. For more information, please read our complete Global Disclaimer.