The hackers behind the attack on the SolarWinds Orion software may have set up the attack earlier than initially thought. Until now, researchers assumed that the attackers entered the SolarWinds systems around March or April.
This is what Mark Warner, the senator in Virginia, tells Reuters. Warner serves as Vice-Chair of the Senate Intelligence Committee. It is not clear when the attacks would have started. Researchers think Russia is behind the attacks, but the country has denied any involvement.
The attack seems to be mainly directed at the US Government. The SolarWinds software was installed at many American government agencies. Yet Warner says that no hard evidence has yet been found that any classified documents were actually stolen.
“Regulation falls short”
Warner argues that American and international regulations make it difficult to take action against such attacks. He advocates the mandatory reporting of larger hacking incidents. “The amount of time it’s taking to assess the (latest) attack, it’s taking longer than we would like to take,” he says.
A few weeks ago, the news hit that the American software company SolarWinds had been hacked. The attackers had managed to add their own code to the company’s Orion software. The code created a backdoor on computers on which the software was installed, giving hackers access to all the computers on which Orion was running. This includes thousands of computers from a large number of business and government organisations.