SolarWinds has been hacked


SolarWinds, one of the world leaders in network infrastructure software, has been hacked, and data belonging to some of the world's biggest companies has been compromised. Various departments of the US government have also been affected, possibly leaving highly classified information in the hands of Russia.

It is widely believed that the people who hacked SolarWinds are a group of Russian state-backed hackers. This seems likely given how much they stand to gain from the information they can now reach: they managed to gain access to the US National Nuclear Security Administration, the agency in charge of the USA's nuclear weapons. It is also the leading theory from Microsoft, which identified the hack and suggested that Russian hackers were behind the attack.

However, Donald Trump has cast doubt on this with a tweet putting the blame for the hack on China, offering little to no evidence beyond his unsubstantiated claim that the media is too scared to blame China. The truth of the matter is that there is little to no evidence that China is involved, and that, according to Microsoft, the most likely culprit is Russia.

Setting aside who is to blame, there is a more serious question: how worried should we be? According to Microsoft, this attack is "remarkable in scope, sophistication and impact", which makes sense given that it reaches into branches of the US government and multiple large organizations, including Microsoft themselves. This sounds worrying until you look at the information that has actually been released.

According to the US National Nuclear Security Administration, the hackers did not gain access to any mission-critical information. This is the statement a DOE spokesperson gave to BleepingComputer:

The Department of Energy is responding to a cyber incident related to the SolarWinds compromise in coordination with our federal and industry partners. The investigation is ongoing and the response to this incident is happening in real-time. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.

Microsoft also provided a statement to BleepingComputer, saying the following:

Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.

This is the full list of victims as it stands:

  • FireEye
  • U.S. Department of the Treasury
  • U.S. National Telecommunications and Information Administration (NTIA)
  • U.S. Department of State
  • The National Institutes of Health (NIH) (Part of the U.S. Department of Health)
  • U.S. Cybersecurity and Infrastructure Security Agency (CISA)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Department of Energy (DOE)
  • U.S. National Nuclear Security Administration (NNSA)
  • Three US states (Specific states are undisclosed)
  • Microsoft

I will continue to update this story as more information becomes available.