Security News > 2021 > January > Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report
It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports.
The New York Times reported over the weekend that the SolarWinds supply chain attack is believed to have impacted as many as 250 government agencies and businesses.
The New York Times also learned that some SolarWinds software is maintained in Eastern Europe and investigators in the U.S. are now trying to determine if the breach originated there.
In the meantime, SolarWinds continues to share updates regarding its investigation into the incident.
The supply chain attack involved the use of trojanized updates for the company's Orion monitoring product in an effort to deliver, among other things, a piece of malware named SUNBURST. However, investigations revealed the existence of a different piece of malware, named SUPERNOVA, that may have been used by a different threat actor as part of an operation that may not be related to the supply chain attack.
On December 18, shortly after the SolarWinds breach came to light, the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive instructing federal agencies to immediately take steps to detect, investigate and respond to potential intrusions.