Security News > 2021 > June > SEC still digging into SolarWinds fallout, nudges undeclared victims

US markets watchdog the Securities and Exchanges Commission has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might have been compromised.

The news agency also said the SEC is keen to know whether "Public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading", which could also involve issues around data protection.

SolarWinds is the maker of the Orion network infrastructure monitoring platform which was compromised last year, with miscreants apparently romping through some 18,000 of SolarsWinds' Origin customers' servers using malware installed via an update server.

Among other exploits, the wrong'uns apparently gained access to the networks of multiple US government departments via backdoored IT tools, including the US court system and its nuclear weapons agency, as well as managing to inject malware onto Microsoft's own systems.

At the end of last year, Microsoft confirmed it had "Detected malicious Solar Winds binaries in our environment, which we isolated and removed."

No one from the SEC was available for comment at the time of writing, although El Reg was interested to read that the market and securities watchdog recently paid out $5.3m to whistleblowers in two separate cases for providing "Information and assistance in separate enforcement proceedings."

News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/22/sec_continues_to_probe_solarwinds/