
Russian government backs a major hack of Treasury, Commerce & more via SolarWinds Orion products

Russian government hackers have breached the Treasury and Commerce departments among a long list of other agencies as part of a massive global campaign that dates back months, as reported in the Washington Post.

FireEye, itself recently compromised, has published the technical details, and researcher Kim Zetter has a non-technical translation. The SolarWinds Orion product was compromised by attackers who slipped malicious code into it without SolarWinds' knowledge. That code was distributed to customers through the product's updates, opened a backdoor into those systems, and notified the attackers of the access. This started back in March.

In a statement on LinkedIn, the security researcher Kyle Hanslovan noted that it currently appears only the Orion platform was affected, and those service providers using SolarWinds N-Central or SolarWinds RMM appear to not be impacted.

The Cybersecurity and Infrastructure Security Agency has issued a directive advising federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

Why do we care?

Disclosure – I’m a SolarWinds stockholder.

This is nation-state level hacking, and the “how” behind the insertion of that malicious code, once investigated, is going to be something a lot of software companies really care about.

A note for providers – while I would agree that the reputational damage to SolarWinds is real here, it's important to be objective in the analysis. There is a lot of ridiculous online outrage directed at the company, particularly from customers of competing products. Take a quick moment and think about what might happen to your own organization if you were targeted by organized crime in this specific manner before you throw that stone… because the likelihood of it happening to you is pretty well documented.

We care because of that public perception damage. If you disclose your tool stack to your customers, you should be having conversations with them about this breach. It also puts a giant spotlight on the management tools space in general.