The Wall Street Journal asked several companies whether they had been affected by the malware contained in SolarWinds Orion. This appears to be the case with multiple large IT companies.

The newspaper writes that network company Cisco, chip designers Intel and Nvidia, accounting firm Deloitte, cloud software company VMware and router manufacturer Belkin had all installed the affected software on a system at their company. Hospitals and universities were also affected.

No evidence of abuse

All the companies mentioned told the newspaper that although the software had been installed on their systems, they found no evidence that the hack had been abused.

Exactly what the hackers were after has not yet been confirmed. Investigators and security experts suspect that they were mainly looking for internal communications, government secrets, e-mails from boards of directors, files about sensitive technologies and further vulnerabilities.

Manual digging

The malicious code did not automatically steal data. The compromised software only created a backdoor to the computer and sent a message to the hackers that the computer was infected. The hackers then had to explore the affected computer manually.

Since about 18,000 computers were infected, the hackers likely didn’t touch the vast majority of them. According to researchers, the hackers were Russian and were mainly looking for information about the US government.

Supernova

Last week, more malicious code surfaced in SolarWinds Orion in addition to the Sunburst code. This code, which has been named Supernova, is less advanced. Researchers therefore suspect that this is an independent attack by another group.