The SolarWinds hack, which occurred in late 2020, is regarded as one of the largest cybersecurity breaches of the 21st century. This major event, affecting thousands of organizations including the U.S. government, has left many questioning the vulnerability of our digital infrastructure.
SolarWinds, a software company based in Oklahoma, provides system management tools for network and infrastructure monitoring to hundreds of thousands of organizations worldwide. One of its products, Orion, is an IT performance monitoring system that has privileged access to IT systems. This made SolarWinds an attractive target for hackers.
The hack, commonly referred to simply as the SolarWinds hack, involved a group of suspected nation-state hackers known as Nobelium infiltrating the networks, systems, and data of thousands of SolarWinds customers. The hackers gained access to these systems through a supply chain attack, a method that compromises a trusted third party which itself has access to an organization’s systems. In this case, the SolarWinds Orion Platform was compromised, creating a backdoor for the hackers.
The timeline of the SolarWinds hack reveals that the threat actors first gained unauthorized access to SolarWinds’ network in September 2019. In February 2020, the malicious code, known as Sunburst, was injected into the Orion system. From March 2020 onwards, SolarWinds unknowingly began distributing software updates that contained the malicious code.
The extent of the hack is substantial, with over 30,000 public and private organizations, including government agencies, using the Orion network management system. These organizations’ data, networks, and systems were compromised when SolarWinds distributed the backdoor malware as an update to the Orion software. The reach of the hack extended beyond SolarWinds customers: the hackers could potentially access the data and networks of those customers’ own customers and partners as well. This cascading growth in the number of affected victims is a significant cause for concern.
The SolarWinds hack has impacted various companies and organizations. Government departments, such as Homeland Security, State, Commerce, and Treasury, reported emails missing from their systems. Private companies, including FireEye, Microsoft, Intel, Cisco, and Deloitte, also fell victim to the attack. FireEye was the first to detect the breach within its own systems, labeling the intrusion activity “UNC2452” and identifying the backdoor as “Sunburst.” Microsoft later confirmed signs of the malware in its systems.
The question arises as to why it took so long to detect the SolarWinds attack. With the attackers gaining access in September 2019 but the breach only being publicly reported in December 2020, the dwell time of the attack far exceeded the average of 95 days. The sophistication of the Sunburst code and the hackers’ ability to evade threat detection techniques contributed to the delayed detection.
The purpose of the hack is still largely unknown. While it is speculated that the hackers may have sought access to future product plans or held employee and customer information for ransom, the full extent of the stolen information is unclear. The level of access the hackers obtained appears to be significant, leading to concerns about the security of government agencies and other affected organizations.
Investigations into the SolarWinds hack are ongoing, and it will take time to fully understand the impact of the breach. Russian espionage operations, potentially orchestrated by Russia’s Foreign Intelligence Service, are believed to be responsible for the attack. However, the Russian government has denied any involvement, stating that such activities go against their national interests and understanding of interstate relations.
The SolarWinds hack serves as a wake-up call for the global cybersecurity community. It highlights the vulnerability of our interconnected systems and the need for stronger measures to protect critical infrastructure. As organizations work to recover from the breach and strengthen their security protocols, it is clear that cybersecurity must remain a top priority in an increasingly digital world.