SolarWinds: Hacked firm issues urgent security fix
Network tools specialist SolarWinds has updated its flagship Orion software, 11 days after revealing a major breach.
On 13 December, it disclosed that Orion had been compromised. It was used as a means to penetrate US government networks and companies including Intel.
It was later revealed that the product had also been compromised by malware from a suspected second perpetrator, adding a separate backdoor.
SolarWinds said industry experts were helping it investigate the attacks.
The Texas-based company provides computer network management tools to a wide variety of clients including British accountants Deloitte, US chip-maker Nvidia and the Californian cloud-computer software firm VMware.
A UK security source told the BBC a small number of British organisations had probably been affected.
Some experts have warned it could take more than a year for organisations to determine whether attackers have penetrated their systems, stolen any data or installed backdoors.
Sean Koessel, from the cyber-security company Volexity, warned companies: "Don't leave any stone unturned."
"I could easily see it taking half a year or more to figure out, if not into the years, for some of these organisations," he told the Reuters news agency.
The identities of those responsible for the attacks on Orion remain unclear.
However, several US government officials and security experts have pointed the finger at Russia for being behind the more devastating "Sunburst" attack. The Kremlin has denied responsibility.
US National Security Adviser Robert O'Brien told Fox News: "It's clearly a sophisticated intelligence operation and no doubt was done by a state actor. And we'll get around to attribution of that at a time and place of our choosing."
CrowdStrike - a leading US cyber-security firm - has said that it believes those responsible for the Sunburst hack also tried to breach its systems earlier this year.
The firm said it was alerted to the fact by Microsoft on 15 December, although the hackers' attempt had failed.
- Published 23 December 2020