The pervasiveness of the SolarWinds backdoor attack, the sophistication of the hackers behind it and the number of high-profile victims make it the biggest cyber attack of 2020, and possibly the past decade.
The ongoing SolarWinds breach also shines a light on how dangerous a supply chain attack can be and gives infosec pros yet another reason to evaluate their security systems and processes.
FireEye Inc. disclosed on December 13, 2020 that suspected nation-state hackers had successfully carried out a vast supply chain attack on SolarWinds Orion, a popular IT performance monitoring platform. The attack allowed threat actors to access government and enterprise networks worldwide.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence said in a joint statement with the FBI on December 17 that the attacks are ongoing and widespread.
Major tech companies, including Cisco, Intel, Microsoft and Nvidia, reported malicious SolarWinds updates, though the companies say there is no evidence that threat actors breached their networks.
On January 6, the U.S. Department of Justice published a statement saying the global SolarWinds incident affected multiple federal agencies — including the Justice Department’s Microsoft Office 365 email system. The breach appears to have affected 3% of the Office 365 mailboxes, and the Department said there’s no indication that classified information was affected.
Investigations into the SolarWinds backdoor cyber attack so far point to Russian espionage.
Here, we provide everything you need to know about the SolarWinds breach, how it infiltrates systems, and the ongoing response from infosec industry experts and vendors.