SolarWinds Cyberattack: What You Need to Know

2020 was truly an eventful year. But just as it was about to end, an incident came to light that affected thousands of top-tier companies such as Microsoft, Cisco and FireEye, and even the US government: the SolarWinds hack.

SolarWinds, a major US information technology firm, was hit by an attack that compromised its infrastructure, affecting at least 18,000 of its customers between March and June of 2020, according to SolarWinds president and CEO Sudhakar Ramakrishna.

What is SolarWinds?

SolarWinds Inc. is an American company based in Austin, Texas that develops software to help businesses manage their networks, systems and information technology infrastructure. One of the company’s products is a powerful and scalable infrastructure monitoring and management platform called Orion. 

The SolarWinds Attack

Foreign hackers, whom some US government officials believed to be directed by Russia’s Foreign Intelligence Service, the SVR, gained access to the networks, systems and data of thousands of SolarWinds clients. According to SolarWinds, 33,000 of its customers, including public and private organisations, were using the company’s software system, Orion, to manage their IT resources. As early as March of 2020, SolarWinds inadvertently sent out a software update to its clients that included the attackers’ malicious code.

As a result, a software update that was supposed to provide regular bug fixes and performance enhancements was used by the hackers as a backdoor into customers’ information technology systems, which then served as a vehicle for a massive cyberattack.

The Victims

According to the Wall Street Journal, at least six US government agencies, including the Department of Homeland Security, the Department of State and the Department of Commerce, were attacked. Private companies like Intel and Deloitte, as well as other organizations like the California Department of State Hospitals and Kent State University, were also affected by this attack.

Elite cybersecurity firm FireEye was the first victim to discover the intrusion. FireEye’s former CEO Kevin Mandia stated that someone on their security team had noticed that one of their employees appeared to have two phones registered on his network, so they tried calling him. That’s when they realised that it wasn’t their employee who was registering the second phone; it was another person.

Who Was Responsible for the Attack?

The federal investigation and cybersecurity experts believe that Russia’s Foreign Intelligence Service is behind the attack. The same Russian group was said to be the one responsible for hacking the email servers of the White House, State Department and the Joint Chiefs of Staff during the Obama administration.

The Russian government, however, has denied the allegations. SVR director Sergei Naryshkin said he was “flattered” by the accusations from the United States and Britain but could not “claim the creative achievements of others as his own”.

Then-president Donald Trump believed that Chinese hackers might be behind the SolarWinds attack. However, he did not provide any evidence to support his claim. But in an executive order issued on April 15, 2021, President Joe Biden imposed a variety of economic sanctions against several Russian institutions for having participated in “harmful foreign activities,” including but not limited to the hack.

Why the SolarWinds Cyberattack Matters

The SolarWinds supply chain cyberattack has been considered a global hack. With the hackers using SolarWinds’ Orion software as a weapon to gain access to thousands of public and private organisations and several government systems, this attack could cause a lot of changes in the world of cybersecurity.

According to Business Insider, organisations are now more cautious than ever, assuming that there are threats instead of reacting to attacks after they are found. The Associated Press reported that the US government may reorganise its cybersecurity efforts by making Cyber Command independent from the National Security Agency.
