Investigation into SolarWinds hack in full swing

Thousands of companies and various government organisations are looking for clues that they have been affected by the hack on the SolarWinds software. Presumably Russian hackers had built a backdoor into the company’s Orion software.

Some Reuters sources have reported that the hackers have been able to read e-mails sent by officials within the US Department of Homeland Security (DHS). The Department of Defense does not want to share any further details.

18,000 computers

In total, the compromised software is said to have been installed on some 18,000 computers. From there, the hackers could spy on these computers and their surrounding networks for months.

However, exploiting the hack seemed to require a lot of manual work. The hackers had access to thousands of computers, but had to dig for data on each of them by hand.

Backdoor

Last week it became known that malicious code was added to the code of SolarWinds’ Orion software. This software created a backdoor on all computers on which the software had been installed. Removing or updating Orion does not necessarily close the backdoor, as hackers may have used it to install a second stand-alone backdoor on the affected computer.

Many large companies have been affected by the hack, including several government organisations and the vast majority of the companies on the Fortune 500. These organisations are now trying to find out to what extent the hack also had a direct impact on them.