Five days after FireEye detailed the theft of about 300 of its proprietary cybersecurity tools, SolarWinds announced that its Orion IT monitoring platform had also been compromised by hackers believed to be sponsored by the Russian government. Together, the attack that originated with a SolarWinds vulnerability turned over critical cybersecurity infrastructure to the malicious actors, along with potential access to thousands of global entities’ sensitive information. As the cybersecurity world wraps its head around how two top vendors were breached, we examine the organizations involved, details of the attack, and implications for the industry and its customers.
The attacks
Earlier this month, the U.S. National Security Agency warned that federal agencies were actively being exploited by “Russian state-sponsored actors.” A week later, FireEye’s prized Red Team hacking tools were stolen by a presumed Russian actor. And now we’ve learned that SolarWinds’ Orion platform has been available to intruders since March.