The U.S. Department of Justice was aware of the SolarWinds hack earlier than it had previously admitted. Suspicious traffic in its own IT environment was noticed as early as May 2020, while the government agency claimed it did not know about the hack until December 24 of that year.

This is the conclusion Wired has reached based on its sources. Suspicious traffic had been discovered by the Department of Justice (DOJ) before it had signed an official contract with SolarWinds, a rather embarrassing fact that the Department seems to have tried to sweep under the rug. At the time, the DOJ appeared to have been unaware of the significance of the unexplained traffic.

At the DOJ, security teams were using a trial version of Orion software, a product of Texas-based SolarWinds, in the middle of 2020. Strange traffic pointed to communication with an unknown system on the internet. This led the DOJ to inquire with SolarWinds, but the company could find no vulnerabilities in its own software. SolarWinds became one of the DOJ’s official security suppliers in August 2020. However, secretly injected code within Orion gave hacker group Nobelium the opportunity to spy on hundreds of organizations.
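The unexplained traffic the DOJ noticed is exactly the kind of signal egress monitoring of a management tool is meant to surface. As an added example, not code from the article or from SolarWinds, the script below flags connections from a monitoring host to external destinations that are not on its allowlist; the host names, addresses and log format are constructed for the illustration.

```python
"""Added example (not from the article or from SolarWinds): flag outbound
connections from a network-monitoring host to hosts it is not expected to
talk to. Host names, addresses and the log format are constructed."""
from ipaddress import ip_address, ip_network

# Constructed: the monitoring server and the internal ranges it may poll.
MONITORING_HOSTS = {"10.0.5.20"}
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Constructed allowlist of external names the tool legitimately contacts
# (for instance the vendor's update service).
ALLOWED_EXTERNAL_NAMES = {"updates.vendor.example"}

# Constructed egress log: "<timestamp> <src_ip> <dst_ip> <dst_port> <dst_name>"
SAMPLE_LOG = """\
2020-05-12T09:00:01Z 10.0.5.20 10.0.0.53 53 dns.corp.example
2020-05-12T09:00:02Z 10.0.5.20 10.0.1.15 161 core-switch.corp.example
2020-05-12T09:03:44Z 10.0.5.20 198.51.100.10 443 updates.vendor.example
2020-05-12T09:05:10Z 10.0.5.20 203.0.113.77 443 unknown-host.example
2020-05-12T09:20:31Z 10.0.7.31 203.0.113.77 443 unknown-host.example
2020-05-12T10:05:12Z 10.0.5.20 203.0.113.77 443 unknown-host.example
"""


def is_internal(ip):
    """True if the address falls inside one of the internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_unexpected_egress(log_text):
    """Return (first_seen, dst_ip, dst_name, count) for each external
    destination a monitoring host reached that is not on the allowlist.
    Traffic from other hosts and to internal ranges is ignored."""
    seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port, name = line.split()
        if src not in MONITORING_HOSTS or is_internal(dst):
            continue  # only the monitoring host's external traffic matters here
        if name in ALLOWED_EXTERNAL_NAMES:
            continue  # known-good vendor destination
        first, count = seen.get((dst, name), (ts, 0))
        seen[(dst, name)] = (first, count + 1)
    return sorted((f, d, n, c) for (d, n), (f, c) in seen.items())


if __name__ == "__main__":
    for first, dst, name, count in find_unexpected_egress(SAMPLE_LOG):
        print(f"{first} {dst} ({name}) x{count}: unexpected egress from monitoring host")
```

The check is deliberately simple: it is the baseline that should have turned the DOJ's "strange traffic" into a ticket, and it can be extended with per-destination first-seen dates and traffic volume.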

Backdoor

Only in late 2020 did SolarWinds announce that it had been attacked by “highly sophisticated hackers.” The breach quickly proved to have been a massive supply chain incident. Hackers believed to be supported by the Russian state had injected a “backdoor” into the Orion software. This meant the group could gain access to as many as 18,000 customers using an infected Orion version. In practice, the group limited itself to hundreds of specific targets, including government agencies.

The hacker group had access to the logging and system performance data of many U.S. organizations, including Microsoft, Mandiant, Cisco and Intel. The backdoor was present at these companies for between four and nine months. This injected code not only allowed hackers to gain access to the data collected by Orion, but also used it as a means to insert even more malware into protected networks.