Software provider SolarWinds (SWI) announced that it has found the source of the high-profile cyberattack that affected over 18,000 SolarWinds customers and multiple federal government agencies. Federal agencies that confirmed being affected by the breach include the Department of Homeland Security (DHS), the Treasury Department, the Energy Department, and the Commerce Department.
Researchers Point Fingers at Russia
In an 8-K filing to the Securities and Exchange Commission, the company stated that by reverse-engineering the code, it gained more details about the tool that was developed and deployed to carry out the attack.
SolarWinds added that it couldn’t verify the perpetrators’ identity; however, the analysis suggests that "by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by both SolarWinds, other private companies and the federal government."
The report stated that "The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer's IT environment" and that, if it is exploited, hackers "had to avoid firewalls and other security controls within the customer's environment."
It is believed that the hackers behind the cyberattack against SolarWinds are connected to Russia’s foreign intelligence service. Analysis suggests that the malware was inserted into software updates for SolarWinds’ Orion IT infrastructure management software between March and June last year.
For additional information on its findings, SolarWinds has asked its clients to visit a blog post written by CrowdStrike.