Latest on the SVR’s SolarWinds Hack
The New York Times has an in-depth article on the latest information about the SolarWinds hack.
Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds.
Some of the compromised SolarWinds software was engineered in Eastern Europe, and American investigators are now examining whether the incursion originated there, where Russian intelligence operatives are deeply rooted.
The hackers distributed malicious files from the SolarWinds network in October 2019, five months before previously reported files were sent to victims through the company's software update servers.
The October files, distributed to customers on Oct. 10, did not have a backdoor embedded in them in the way that subsequent malicious files that victims downloaded in the spring of 2020 did, and these files went undetected until this month.
The files distributed to victims in October 2019 were signed with a legitimate SolarWinds certificate to make them appear to be authentic code for the company's Orion Platform software, a tool used by system administrators to monitor and configure servers and other computer hardware on their network.
News URL
https://www.schneier.com/blog/archives/2021/01/latest-on-the-svrs-solarwinds-hack.html