Security News > 2021 > February > Another SolarWinds Orion Hack
The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies.
While the alleged Russian hackers penetrated deep into SolarWinds network and hid a "Back door" in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion's code to help spread across networks they had already compromised, the sources said.
Two, SolarWinds' terrible security is the result of a conscious business decision to reduce costs in the name of short-term profits.
These private equity-owned software firms torture professionals with bad user experiences and shitty customer support in everything from yoga studio software to car dealer IT to the nightmarish 'core' software that runs small banks and credit unions, as close as one gets to automating Office Space.
In other words, the same sloppy and corrupt practices that allowed this massive cybersecurity hack made Bravo a billionaire.
SolarWinds increased its profits by increasing its cybersecurity risk, and then transferred that risk to its customers without their knowledge or consent.
News URL
https://www.schneier.com/blog/archives/2021/02/another-solarwinds-orion-hack.html