SolarWinds released the software updates to its customers not realizing that the updates were compromised.
Then, beginning in February 2020, the threat actor injected trojanized (hidden) code into a file that was later included in SolarWinds’ Orion software updates. The threat actor first conducted a “dry run,” injecting test code into SolarWinds’ network management and monitoring suite of products called Orion. We here at GAO are currently conducting a comprehensive review of the breach with plans to issue a public report later this year.īeginning in September 2019, a campaign of cyberattacks, now identified to be perpetrated by the Russian Foreign Intelligence Service (hereafter referred to as the threat actor), breached the computing networks at SolarWinds-a Texas-based network management software company. This information is based on publicly disclosed information from federal and private industry sources.
In today’s WatchBlog post, we look at this breach and the ongoing federal government and private-sector response. The cybersecurity breach of SolarWinds’ software is one of the most widespread and sophisticated hacking campaigns ever conducted against the federal government and private sector.
0 kommentar(er)
