A total of 18,000 organizations, authorities, and companies are said to have been compromised through updates to the IT monitoring and management software Orion. The software manufacturer, SolarWinds, announced this. It had previously become known that the security company FireEye and several US authorities, including US ministries and military facilities, were hacked in this way.
The attack was not detected until a few weeks ago, when online security company FireEye alerted intelligence services that hackers had bypassed several layers of defenses. The attack was apparently carried out through a trojan, known as Sunburst, installed in Microsoft Office software updates prepared by the SolarWinds company.
According to SolarWinds, the Sunburst malware was introduced via the software build system. However, according to the manufacturer, the malware did not exist in the source code repository of the Orion products. Between March and June 2020, the malware is said to have been inserted there and offered for download via the update server.
SolarWinds believes that all customers who have downloaded, implemented, or updated Orion products during this period have been compromised.
That should be over half of Orion’s 33,000 customers. Nearly every Fortune 500 company, including the New York Times, uses SolarWinds software. It is not yet known how many of the customers who downloaded the malware were actually hacked and had data stolen.
All customers have now been informed, writes SolarWinds. According to its own information, the company has a total of 300,000 customers, including authorities and ministries as well as large companies such as AT&T, Cisco, Mastercard, Microsoft, and Siemens.
The Russian state hacker group APT29, also known as Cozy Bear, is believed to be responsible for the attacks.