6 out of 11 EU agencies running Solarwinds Orion software were hacked

SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed.

European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member in February 2021.

The EU official response is based on the results of an investigation conducted by the EU Computer Emergency Response Team (CERT-EU).

CERT-EU confirmed that 14 EU agencies were running the SolarWinds Orion monitoring software, and six of them were breached. Anyway, the CERT-EU did not reveal the name of the EU agencies that installed the tainted Orion updates.

In December 2020, SolarWinds revealed that 18,000 customers might have been impacted by the cyber attack against its supply chain. The alarming data emerged in a filing with the Securities and Exchange Commission (SEC) on Monday.

Nation-state actors, allegedly Russia-linked hackers have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.

A report published by the Washington Post, citing unnamed sources, attributes the attacks to APT29 or Cozy Bear, the Russia-linked APT that’s believed to have recently compromised the top cybersecurity firm FireEye.

In January, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.

“CERT-EU officials claimed that they don’t have a full picture as EU official bodies are not required to report security incidents to their agency, with reporting taking place on a voluntary basis.” states TheRecord that first reported the news. “In the cases they received information, CERT-EU said that some agencies sent limited details on the attacks, and, while in other reports, network logs, used to hunt for clues about the hackers’ actions, were often not available.”

Last week, the EU also disclosed a separate security breach of multiple official bodies in an attack still shrouded in mystery.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.