Company CEO sheds light on high-profile breach at RSA Conference 2021

The nation-state attackers behind the SolarWinds supply chain attack could have gained access to the company nine months earlier than previously reported.

This is according to the CEO of the company, who last night (May 19) shed light on what happened in the run-up to the high-profile attack.

Headlines were dominated earlier this year by the news that a backdoor in software updates distributed by the IT management and monitoring platform had been used to gain access to SolarWinds’ clients.

The vulnerabilities in its Orion software enabled attackers to compromise the accounts of customers including Microsoft, many US government agencies, and cybersecurity firm FireEye.

Speaking during a fireside chat at the RSA Conference 2021, SolarWinds CEO Sudhakar Ramakrishna said that new evidence suggests the malicious actors first targeted the software as early as January 2019.

Official statements have until now stated that the attackers gained access to SolarWinds’ systems in September 2019 at the earliest; however, Ramakrishna explained that there was evidence of “early recon activities” as far back as the start of that year.

“What we have found recently is that attackers may have been in our environment as early as January 2019,” Ramakrishna told Laura Koetzle, vice president and group director at Forrester Research, during the chat.

FireEye, the first to publicly report the attack, said that threat actors accessed Orion users’ networks via a trojan injected into software updates.

Ramakrishna, who took over the post in January 2021, said he was first made aware of the backdoor in December 2020, a month before he joined the company.

The unknown actors, who evaded detection from both SolarWinds and its clients for months, were able to steal files and data from victims, including source code taken from Microsoft.

Ramakrishna described the attacks as “extremely well done and extremely sophisticated, where they did everything possible to hide in plain sight”.

“We were looking for all the usual clues,” the CEO added.

“When you go through an investigation, you have a checklist, you have a set of hypotheses, you try to map things.

“And in this particular case, given the amount of time they spent, and given the deliberateness they had in their efforts, they were able to cover their fingerprints, cover their tracks, at every step of the way.”

Ramakrishna said that the incident was made more difficult “given the resources of a nation state” – in this case, the attack is blamed on APT29 – or ‘Cozy Bear’ – a group linked by threat intel experts to Russia’s foreign intelligence service (SVR).

SolarWinds was eventually able to pinpoint exactly what the attackers achieved by assessing hundreds of terabytes of data and thousands of build systems.

Ramakrishna explained that there was a security incident response team in place even before the exploitation of the backdoor, but that the incident “escalated the significance” of that team and required the company to take an “all hands on deck” approach.

This required even the CEO to speak to customers and find out their concerns, which Ramakrishna said were mainly about how it would affect them.

“What started off as a reactive measure, we started learning about the incident, we started addressing issues, and one of the foundations of what we’ve been trying to do is transparency as we enhance the trust that we have with our customers.

“Specifically, we also worked with our worldwide partners and created a program called the Orion Assistant Program.”

The idea behind the free-of-extra-cost program, which is funded by SolarWinds, is to provide extra assistance to some customers who may not have the resources to upgrade easily, due to issues such as financial constraints or technical knowledge.