Skip to main content

Up to 18,000 businesses hit in SolarWinds hack

cybersecurity
(Image credit: Image source: Shutterstock/deepadesigns)

Further complications have been identified in relation to the FireEye data breach, which we first reported on last week.

It appears that not only was FireEye, together with a couple of US government agencies, breached as a result of a tainted SolarWinds update, but approximately 18,000 companies also fell victim to the attack.

SolarWinds, whose internal networks were breached by an unnamed state-sponsored actor, has filed documents detailing the breach with the US Securities and Exchange Commission.

It said that whoever was behind the attack used access to its internal networks to taint an update for its Orion program, which was distributed to its 330,000 customers. Of that number, 33,000 use Orion and 18,000 installed the malware-laced update.

All 33,000 affected customers were notified of the incident and SolarWinds is currently preparing an update that should remove all traces of the malware from systems. The company expects the patch to go live today.

It remains unclear how SolarWinds was breached to begin with, but the SEC filing hints that the hack involved an Office 365 exploit. According to ZDNet, the documents describe how Microsoft tipped SolarWinds off about a compromise of its Office 365 email and office productivity accounts, but the investigation is still ongoing.

With 18,000 companies affected, including multiple government agencies around the world, the incident has been described as one of the most significant hacks in recent years.

Although nobody knows for certain just yet, some experts have speculated that the Russian state-sponsored hacking group APT29 was behind the intrusion.