The Texas-based IT company SolarWinds recently announced that it has suffered a “highly-sophisticated, targeted and manual supply chain attack by a nation state,” which may have left multiple U.S. government agencies vulnerable. The federal government is investigating a major hack of government agencies including the Treasury Department.
Reuters reports that the Texas-based IT company SolarWinds revealed on Sunday that hackers may have gained access to the networks of the U.S. Treasury and Commerce departments by sneaking malware into a recent SolarWinds software update.
SolarWinds CEO Kevin Thompson said in a statement that the company believes that products it released in March and June of this year were modified in a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”
Currently, the FBI and the Department of Homeland Security’s cybersecurity arm are investigating what many experts believe to be a large-scale penetration of U.S. government agencies. Breitbart News reported more extensively on the hack here.
In a recent statement, National Security Council spokesperson John Ullyot stated that the U.S. government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
SolarWinds produces an extremely popular piece of server software used by hundreds of thousands of organizations globally. Most Fortune 500 companies and many U.S. federal agencies utilize the software and will be working hard to secure their networks following news of the hack.
SolarWinds boasts 300,000 customers worldwide including all five branches of the U.S. military including the Pentagon, the State Department, NASA, the NSA, the Department of Justice, and the White House. The 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also SolarWinds customers.
SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at https://t.co/scsUhZJCk8
— SolarWinds (@solarwinds) December 14, 2020
Former director of the Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs commented on Twitter that “hacks of this type take exceptional tradecraft and time,” and added that he believed that the impact of the hack was only beginning to be understood.
Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.
— Chris Krebs (@C_C_Krebs) December 13, 2020
Breitbart News will continue to report on this story as more information is available.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address email@example.com