• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile

  • CORONAVIRUS
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • REGIONS
    • Asia Pacific
    • Canada
    • China
    • Europe
    • Latin America
    • Middle East/Africa
    • North America
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » Hackers Used Obscure Texas IT Vendor to Attack U.S. Agencies, Top Corporations

Hackers Used Obscure Texas IT Vendor to Attack U.S. Agencies, Top Corporations

Cybersecurity
Photo: Bloomberg
December 14, 2020
Bloomberg

At the epicenter of the most sprawling cyberattack in recent memory is a two-decade-old, Austin, Texas-based software maker called SolarWinds Corp. While barely known outside geeky tech circles, its customer list boasts of every branch of the U.S. military and four-fifths of the Fortune 500.

Many of those customers found themselves ensnared in the attack because suspected Russian hackers inserted a vulnerability into a popular SolarWinds’ software product, designed to give users a bird’s eye view of the varied web of applications that keep their operations humming.

In a filing to the U.S. Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of as many as 18,000 of its customers. Those clients include government agencies around the globe and some of the world’s largest corporations.

The company “has been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,” according to the filing. “SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state.”

SolarWinds fell 17% on Monday and closed at $19.62. The company said it has sent mitigation steps to relevant customers and is providing an additional “hotfix” update Dec. 15.

APT 29, a hacking group linked to the Russian government, is suspected of being behind the breach. The Department of Commerce was breached, as were the departments of Homeland Security and Treasury, Reuters reported.

The global hacking campaign also included the Dec. 8 cyberattack on the cybersecurity firm FireEye Inc.

The Russian Embassy has denied any involvement in the hack, saying that Russia “does not conduct offensive operations in the cyber domain.”

Governments and companies are now racing to determine how such a security disaster materialized, and how it is that an obscure company founded by two brothers in the 1990s now appears to be at the heart of a potentially major Russian intelligence coup.

According to its website, SolarWinds has more than 300,000 customers. Outside the U.S., SolarWinds has picked up contracts for the U.K. National Health Service, European Parliament and NATO, according to its website.

The company was founded in Tulsa more than two decades ago by brothers David Yonce and Donald Yonce after they heard friends “griping about a long, specific list of frustrations managing their infrastructures,” according to an article from January on the company’s website. “They were part of the same perennial discussion we all share in tech. ‘Why can’t somebody just make a tool that X?!’ The difference was they decided to do something about it.”

SolarWinds provides network monitoring needs for government agencies and private sector companies, marketing itself on its LinkedIn page as “Everybody’s IT.” SolarWinds has taken down its webpage that details its U.S. government and private-sector clients.

Its Orion product is a powerful and important monitoring tool, allowing computer systems administrators to see the status of a company or organization’s network at a glance. Because Orion provides information on the entire network, it also has privileged access to sensitive parts of the network.

“It gives you visibility across our entire network and allows you to quickly respond when a server or router goes down,” said Ben Johnson, chief technology officer of Obsidian Security. “But if you’re trying to do global monitoring of systems and traffic, that has very trusted access.”

Hardly a household name, SolarWinds is the number three maker of IT operations software, behind Splunk Inc. and International Business Machines Corp., according to data provided by Gartner Inc. SolarWinds’ other main competitors are Cisco Systems Inc. and Microsoft.

Hackers penetrated Orion’s update system, introducing malicious code disguised as legitimate Orion updates, according to blog posts by FireEye and Microsoft Corp. The malicious vulnerability existed in updates between March and June, the company said. The hacking tool embedded within the update even stored stolen data within the Orion software to evade detection, according to FireEye. The result was that hackers could snoop on a company’s network all while appearing as legitimate traffic.

As of mid-day Monday, the malicious update was still available for download on SolarWind’s website, according to Karim Hijazi, founder and chief executive of Prevailion Inc., a Maryland-based cybersecurity firm. Hijazi said his team compared the available download with security alerts identifying the tampered update, and it’s an exact match.

That appears to contradict a statement the company made earlier in the day that Orion products downloaded after June didn’t contain the vulnerability. When asked about continued access to the malicious file, SolarWinds denied the claim and referred a Bloomberg reporter back to the company’s statement to the SEC. Following the email exchange, the web page that previously hosted the malicious software update was taken down, Prevailion said. It now reads, “Not found.”

The number of victims is likely to climb as companies and governments comb their computer systems for traces of the hackers.

“The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” according to FireEye. “We anticipate there are additional victims in other countries and verticals.”

The breadth of the damage caused by the hacking campaign is still unknown. The Russian hackers most likely prioritized the most valuable intelligence targets first, meaning it wouldn’t have had time to penetrate every SolarWinds customer. “Once you’re discovered, that’s when you start to pull everything you can,” Johnson said. “It’s going to be a crazy week.”

RELATED CONTENT

RELATED VIDEOS

Data Management (Big Data/IoT/Blockchain) Technology Supply Chain Security & Risk Mgmt
  • Related Articles

    Government Streamlines Process for Selling IT to U.S. Agencies

    U.S. Agencies Failed to Heed Cybersecurity Warnings, GAO Says

Bloomberg

U.S. Sanctions Help China Supercharge Its Chipmaking Industry

More from this author

Wake up to live
“Supply Chains in Crisis”
updates and the latest Supply Chain News!

Subscribe to our Daily Newsletter

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • 0620_NFT.png

    Can NFTs Be an Effective Tool for Supply Chain Visibility?

    Technology
  • The Craft Beer Boom: How to Satisfy Changing Consumer Tastes

    Shortages of Beer, Popcorn Join Supply Chain Crisis

    Global Supply Chain Management
  • FedEx

    FedEx Faces Big Changes as New Boss Confronts Higher Costs, Angry Contractors

    Last Mile Delivery
  • 0621_Burrito.png

    Chipotle Zeroes in on Supply Chain Traceability and Visibility

    Sourcing/Procurement/SRM
  • cyber crime

    The Cyber Blind Spot That Makes Every Supply Chain Vulnerable

    Regulation & Compliance

Digital Edition

Scb may 2022 sm

2022 Supply Chain ESG Guide

VIEW THE LATEST ISSUE

Case Studies

  • 3PL Doubles Productivity With Robots to Fulfill Medical Supply Orders

  • E-Commerce Company Cuts Order Fulfillment Time by 40%

  • Fashion Retailer Halves Fulfillment Time With Omichannel Automation

  • Distributor Scales Business by Integrating Warehouse Automaton Software

  • Fast-Growing Fashion Brand Scales E-Commerce Fulfillment With Whiplash

Visit Our Sponsors

Yang Ming Alithya Barcoding
Blue Yonder BNSF Logistics Generix
GEP GreyOrange Here
Honeywell Intelligrated IFM Inmar
Keelvar Kinaxis Korber
Liberty SBF Locus Robotics Logility
Lucas Systems Nvidia Old Dominion
ORTEC Parsyl QIMA
Redwood Logistics Saddle Creek Logistics Schneider Dedicated
Setlog Holding AG Ship4WD Shipwell
Tecsys TGW Systems Thomson Reuters
Tive Trailer Bridge Vecna Robotics
Verity
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2022 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing