What We Know About The Massive Hack of SolarWinds’ IT Management Platform

The tech community and end users are still reeling from the massive hack of SolarWinds’ Orion platform. Here's what we know so far.

December 16, 2020 Zachary Comeau Leave a Comment

The tech community is still reeling from the massive hack of SolarWinds’ Orion platform that resulted in the compromise of several U.S. government networks and reportedly thousands of other SolarWinds customers.

According to public filings, news reports and the company’s own disclosures, here is what we’ve learned since news of the highly sophisticated attack was announced Sunday, when cybersecurity firm FireEye confirmed that some of its tools designed to test customer networks were stolen in connection with the attack.

  • According to SolarWinds’ own filing with the U.S. Securities and Exchange Commission, SolarWinds on Dec. 13 notified about 33,000 customers of its Orion product of the compromise. However, the company believes the actual number of customers that may have had an installation of the Orion products containing the vulnerability to be around 18,000. That communication included steps to mitigate the vulnerability.
  • ZDNet reports that Microsoft’s security team – along with other tech companies – has seized a domain that served as the command-and-control server for malware delivered to those 18,000 customers. The website reported the takedown was an effort to prevent the threat actors from delivering new orders to infected devices.
  • In a Tuesday security blog, Microsoft said it has released detections that alert customers to the presence of malicious binaries that hackers inserted into the SolarWinds Orion platform. Customers should consider any device with the binary as compromised and should be investigating devices with the alert. Starting Wednesday, Microsoft Defender Antivirus will begin blocking the known malicious binaries in the SolarWinds product, quarantining the binary even if the process is running.
  • According to cybersecurity firm Symantec and news organization Reuters, attackers only went after high-profile government targets in the U.S. and elsewhere despite having access to thousands of entities. Targets included the U.S. Department of Homeland Security, the U.S. Treasury Department, the U.S. Commerce Department, the U.S. State Department and the National Institutes of Health.
  • According to the New York Times, other government agencies that use the software include the Centers for Disease Control and Prevention, the National Security Agency, the Justice Department, agencies in the Pentagon and utility companies.
  • Researchers from cybersecurity firm Volexity wrote in a blog that the company has been able to tie the attacks to multiple incidents it worked in late 2019 and 2020 at a U.S.-based think tank. The firm uncovered tools, backdoors and malware implants that allowed the attackers to remain undetected for several years, and the attackers used a new technique to bypass multi-factor authentication to access a user’s Outlook account.
  • Officials have not yet said publicly who they think is responsible, but anonymous sources cited by numerous media outlets are unanimous that hackers backed by the Russian government are responsible.

We’re tracking this story and will update our readers with more information once it becomes available. For now, IT professionals should look for indications of a compromise and take steps to mitigate this massive vulnerability.
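The Microsoft detections described above key on specific malicious binaries inside the Orion install. A basic way for an IT team to "look for indications of a compromise" on its own hosts is a hash sweep: walk the install directory, compute SHA-256 for each module, and compare against the vendor-published list of bad hashes. The following Python script is an added example and is not code from the article, Microsoft or SolarWinds; the hash block list and the sample files it scans are constructed placeholders, and the `KNOWN_BAD_SHA256` table would be replaced with the published indicators in real use.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# Hypothetical block list. The real indicators are not on this page, so the
# entry here is a placeholder derived from constructed sample content; in a
# real sweep this table holds the vendor-published SHA-256 values.
SAMPLE_TAMPERED_CONTENT = b"constructed sample of a tampered Orion module"
KNOWN_BAD_SHA256: Dict[str, str] = {
    hashlib.sha256(SAMPLE_TAMPERED_CONTENT).hexdigest(): "PLACEHOLDER-tampered-orion-dll",
}


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_for_known_bad(root: Path, suffixes=(".dll", ".exe")) -> List[Dict[str, str]]:
    """Recursively hash executable modules under root and report any hash on the block list."""
    findings: List[Dict[str, str]] = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        digest = sha256_of_file(path)
        label = KNOWN_BAD_SHA256.get(digest)
        if label is not None:
            findings.append({"path": str(path), "sha256": digest, "indicator": label})
    return findings


def build_demo_tree() -> Path:
    """Create a constructed directory tree that mimics an install folder, for offline demonstration."""
    root = Path(tempfile.mkdtemp(prefix="orion-demo-"))
    install = root / "SolarWinds" / "Orion"
    install.mkdir(parents=True)
    (install / "Clean.dll").write_bytes(b"constructed clean module")
    (install / "Suspect.dll").write_bytes(SAMPLE_TAMPERED_CONTENT)
    # Same bytes but a non-executable suffix: the sweep deliberately skips it.
    (install / "notes.txt").write_bytes(SAMPLE_TAMPERED_CONTENT)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    hits = scan_for_known_bad(demo_root)
    if not hits:
        print("no block-listed modules found")
    for hit in hits:
        print(f"MATCH {hit['path']} sha256={hit['sha256']} ({hit['indicator']})")
```

A match on a hash is a reason to treat the host as compromised and hand it to incident response rather than simply delete the file; a clean sweep does not clear the host, because a hash list only covers the binaries already known at the time it was published.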

Tagged With: Cybersecurity, SolarWinds
