• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Hackers Used Obscure Texas IT Vendor to Attack U.S. Agencies, Top Corporations

Hackers Used Obscure Texas IT Vendor to Attack U.S. Agencies, Top Corporations

Cybersecurity
Photo: Bloomberg
December 14, 2020
Bloomberg

At the epicenter of the most sprawling cyberattack in recent memory is a two-decade-old, Austin, Texas-based software maker called SolarWinds Corp. While barely known outside geeky tech circles, its customer list boasts of every branch of the U.S. military and four-fifths of the Fortune 500.

Many of those customers found themselves ensnared in the attack because suspected Russian hackers inserted a vulnerability into a popular SolarWinds’ software product, designed to give users a bird’s eye view of the varied web of applications that keep their operations humming.

In a filing to the U.S. Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of as many as 18,000 of its customers. Those clients include government agencies around the globe and some of the world’s largest corporations.

The company “has been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,” according to the filing. “SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state.”

SolarWinds fell 17% on Monday and closed at $19.62. The company said it has sent mitigation steps to relevant customers and is providing an additional “hotfix” update Dec. 15.

APT 29, a hacking group linked to the Russian government, is suspected of being behind the breach. The Department of Commerce was breached, as were the departments of Homeland Security and Treasury, Reuters reported.

The global hacking campaign also included the Dec. 8 cyberattack on the cybersecurity firm FireEye Inc.

The Russian Embassy has denied any involvement in the hack, saying that Russia “does not conduct offensive operations in the cyber domain.”

Governments and companies are now racing to determine how such a security disaster materialized, and how it is that an obscure company founded by two brothers in the 1990s now appears to be at the heart of a potentially major Russian intelligence coup.

According to its website, SolarWinds has more than 300,000 customers. Outside the U.S., SolarWinds has picked up contracts for the U.K. National Health Service, European Parliament and NATO, according to its website.

The company was founded in Tulsa more than two decades ago by brothers David Yonce and Donald Yonce after they heard friends “griping about a long, specific list of frustrations managing their infrastructures,” according to an article from January on the company’s website. “They were part of the same perennial discussion we all share in tech. ‘Why can’t somebody just make a tool that X?!’ The difference was they decided to do something about it.”

SolarWinds provides network monitoring needs for government agencies and private sector companies, marketing itself on its LinkedIn page as “Everybody’s IT.” SolarWinds has taken down its webpage that details its U.S. government and private-sector clients.

Its Orion product is a powerful and important monitoring tool, allowing computer systems administrators to see the status of a company or organization’s network at a glance. Because Orion provides information on the entire network, it also has privileged access to sensitive parts of the network.

“It gives you visibility across our entire network and allows you to quickly respond when a server or router goes down,” said Ben Johnson, chief technology officer of Obsidian Security. “But if you’re trying to do global monitoring of systems and traffic, that has very trusted access.”

Hardly a household name, SolarWinds is the number three maker of IT operations software, behind Splunk Inc. and International Business Machines Corp., according to data provided by Gartner Inc. SolarWinds’ other main competitors are Cisco Systems Inc. and Microsoft.

Hackers penetrated Orion’s update system, introducing malicious code disguised as legitimate Orion updates, according to blog posts by FireEye and Microsoft Corp. The malicious vulnerability existed in updates between March and June, the company said. The hacking tool embedded within the update even stored stolen data within the Orion software to evade detection, according to FireEye. The result was that hackers could snoop on a company’s network all while appearing as legitimate traffic.

As of mid-day Monday, the malicious update was still available for download on SolarWind’s website, according to Karim Hijazi, founder and chief executive of Prevailion Inc., a Maryland-based cybersecurity firm. Hijazi said his team compared the available download with security alerts identifying the tampered update, and it’s an exact match.

That appears to contradict a statement the company made earlier in the day that Orion products downloaded after June didn’t contain the vulnerability. When asked about continued access to the malicious file, SolarWinds denied the claim and referred a Bloomberg reporter back to the company’s statement to the SEC. Following the email exchange, the web page that previously hosted the malicious software update was taken down, Prevailion said. It now reads, “Not found.”

The number of victims is likely to climb as companies and governments comb their computer systems for traces of the hackers.

“The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” according to FireEye. “We anticipate there are additional victims in other countries and verticals.”

The breadth of the damage caused by the hacking campaign is still unknown. The Russian hackers most likely prioritized the most valuable intelligence targets first, meaning it wouldn’t have had time to penetrate every SolarWinds customer. “Once you’re discovered, that’s when you start to pull everything you can,” Johnson said. “It’s going to be a crazy week.”

RELATED CONTENT

RELATED VIDEOS

Data Management (Big Data/IoT/Blockchain) Technology Supply Chain Security & Risk Mgmt
  • Related Articles

    Government Streamlines Process for Selling IT to U.S. Agencies

    U.S. Agencies Failed to Heed Cybersecurity Warnings, GAO Says

    China’s Microsoft Hack, Russia’s SolarWinds Attack Threaten to Overwhelm U.S.

Bloomberg

Volvo May Move Investments to U.S. If Europe’s Green-Tech Push Falls Short

More from this author

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • A HAND TURNS A LARGE, LIGHTED DIAL WITH THE WORD RISK ON IT iStock-NicoElNino-1364371014.jpg

    Measuring KPIs and KRIs for Comprehensive Supplier Performance Management

    Technology
  • A COMPLEX SERIES OF ROADWAYS AND RAMPS, SEEN FROM HIGH ABOVE, IS PARTLY SHROUDED BY CLOUD

    Supply Chain Visibility Isn’t Just a Catchphrase; It’s an Imperative

    Logistics
  • A WOMAN IN HER LIVING ROOM GESTURES IN DISMAY ON THE PHONE OVER AN OPEN SHIPPING BOX

    Retailers – Quit Bellyaching and Differentiate Yourself on Returns

    Reverse Logistics
  • A Mid Adult Male Truck Driver Doing Exercises Before Road Trip by the side of a truck

    Podcast | Yoga for Truck Drivers? It’s a Mother Trucker!

    LTL/Truckload Services
  • A STORE WINDOW DISPLAYS AN ARRAY OF DESIGNER PURSES

    Can AI Turn the Tide Against Product Counterfeiters?

    Sourcing/Procurement/SRM

Digital Edition

Scb q1 2023 cover

2023 Supply Chain Management Resource Guide: Packing for a Difficult Year

VIEW THE LATEST ISSUE

Case Studies

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

  • Expanding Apparel Brand Scales Seamlessly with E-Commerce Technology

  • How a Global LSP Scaled its Security Program and Won More Business

Visit Our Sponsors

Orderful Yang Ming Alithya
Barcoding Blue Yonder BNSF Logistics
CoEnterprise Data Capture Deposco
E2open GAINSystems Generix
Geodis GEP GreyOrange
Here Honeywell Intelligrated IFM
Infor Inmar Keelvar
Kinaxis Korber Lean Solutions Group 2H
Liberty SBF Locus Robotics Logility
LogistiVIEW Lucas Systems MCA Connect
MPO Nvidia Old Dominion
OpenText ORTEC Overhaul
Parsyl PMMI QIMA
Redwood Logistics Ryder E-commerce by Whiplash Saddle Creek Logistics
Schneider Dedicated Setlog Holding AG Ship4WD
Shipwell Tecsys TGW Systems
Thomson Reuters Tive Trailer Bridge
Vecna Robotics Verity
Verusen
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing