The SolarWinds supply chain attack was one of the biggest cyber incidents there's ever been. Here's how the company has dealt with the aftermath.
In 2019, IT outsourcing and consulting giant Wipro was breached and used as jumping-off point to target at least a dozen of its customers’ systems. A survey conducted in June 2020 by Opinion Matters for BlueVoyant states that 80% of organizations have had a breach that was caused by...
Several months before that, the massiveSolarWinds attackbreached U.S. federal agencies, infrastructure and private corporations in what is believed to be among the worst cyberespionage attacks inflicted on the U.S. On Dec. 13, 2020, Austin-based IT management software company SolarWindswas hit b...
“Over 70 gigabytes of customers’ personal information was breached,” says Trevin Edgeworth, red team practice director at Bishop Fox. The data was accessible over the internet, Edgeworth says. “The hackers’ approach did not require most of the cyber kill chain phases, such as weaponization,...
In late December, software company SolarWinds became aware of a supply chain attack on one of its software systems. The attackers added malware to signed versions of the supplier’s software, which was then used to infiltrate 18,000 private government and private organizations. The malware became...
On December 14, 2020, malicious backdoors known as Sunburst and Supernova were discovered in SolarWinds. SolarWinds is a major information technology company based in the United States that creates software to help businesses manage their networks, systems, and IT infrastructure. ...
Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019, at the time hackers breached SolarWinds' internal network. Other related malware includes ...
(10-K and others). In an unprecedented move, the SEC sued SolarWinds, makers of Orion IT management software used by government agencies, alleging the company and its CISO, who is named in the lawsuit, misled and defrauded investors by failing to disclose system vulnerabilities that led to...
SolarWinds Also in 2020, a group of hackers hid malware inside a legitimate software update from SolarWinds, maker of a popular IT infrastructure management platform. The hackerssuccessfully breachedMicrosoft, Intel and Cisco, in addition to various US government agencies. Then, they used steganograph...
Neither SolarWinds nor U.S. cybersecurity authorities have publicly identified which organizations were breached. Just because a company or agency uses SolarWinds as a vendor doesn't necessarily mean they were vulnerable to the hacking. The malware that opened remote-access backdoors was injected int...