SolarWinds confirmes 18,000 customers may have been impacted

18,000 SolarWinds customers may have been impacted by the attack against its supply chain, the company said in a SEC filing.

SolarWinds revealed that 18,000 customers might have been impacted by the cyber attack against its supply chain. The alarming data emerged in a filing with the Securities and Exchange Commission (SEC) on Monday.

“On December 13, 2020, SolarWinds delivered a communication to approximately 33,000 Orion product customers that were active maintenance customers during and after the Relevant Period. SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000.” reads the SEC filing.

Today security firm reported that hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products.

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. 

Nation-state actors, allegedly Russia-linked hackers have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.

A report published by the Washington Post, citing unnamed sources, attributes the attacks to APT29 or Cozy Bear, the Russia-linked APT that’s believed to have recently compromised the top cybersecurity firm FireEye.

FireEye is investigating the supply chain attack, it already confirmed that a threat actor tracked as UNC2452 had used a trojanized SolarWinds Orion business software updates to distribute a backdoor tracked as SUNBURST.

According to the experts, the campaign may have begun as early as Spring 2020 and is still ongoing.

The attacks are the work of a highly-skilled threat actor and the operation was conducted with significant operational security, FireEye explained.

In a security advisory published by SolarWinds, the company confirmed the supply chain attack, the threat actors compromised versions 2019.4 through 2020.2.1 of the SolarWinds Orion Platform software that was released between March and June 2020. 

The company notified roughly 33,000 Orion customers of the incident, but it argued that fewer than 18,000” customers may have used the backdoored version of its products.

According to the SEC filing, SolarWinds learned from Microsoft about a compromise of its Office 365 email and office productivity systems.

The company is still investigating the incident to determine if some data was stolen and if other products might have been impacted.

“There has been significant media coverage of attacks on U.S. governmental agencies and other companies, with many of those reports attributing those attacks to a vulnerability in the Orion products. SolarWinds is still investigating whether, and to what extent, a vulnerability in the Orion products was successfully exploited in any of the reported attacks.” continues the SEC filing.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)

[adrotate banner=”5″]

[adrotate banner=”13″]