SolarWinds CEO: “SolarWinds Orion Development Program was Exploited by the Hackers”

adi goldstein EUsVwEOsblE unsplash

 

Sudhakar Ramakrishna, CEO of SolarWinds confirmed that ‘suspicious activity’ was spotted in its Office 365 environment which permitted threat actors to secure access and exploit the SolarWinds Orion development program. Threat actors secured access into the SolarWinds’s environment via flawed credentials and a third-party application that a zero-day susceptibility.


Threat actors secured access to the SolarWinds email account to programmatically access accounts of targeted SolarWinds employees in business and technical roles. 
Threat actors used the compromised credential of SolarWinds personnel as a doorway for securing access and exploit the development environment for the SolarWinds Orion network monitoring platform. Initially, Microsoft alerted SolarWinds regarding a breach into its Office 365 environment on December 13 – the same day news of the data breach went public.

Ramakrishna wrote in a blog post that “we’ve confirmed that a SolarWinds email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles. By compromising credentials of SolarWinds employees, the threat actors were able to gain access to and exploit our Orion development environment.”

“While it’s widely understood any one company could not protect itself against a sustained and unprecedented nation-state attack of this kind, we see an opportunity to lead an industry-wide effort that makes SolarWinds a model for secure software environments, development processes, and products”, he further added.

Investigators of SolarWinds have not spotted a specific flaw in Office 365 that would have permitted the threat actors to enter the firm’s environment via Office 365. Ramakrishna believes that the Russian foreign intelligence service has played a significant role in the SolarWinds’s hack. SolarWinds is analyzing the data from various systems and logs, including from its Office 365 and Azure tenants.

Brandon Wales, acting director of the Cybersecurity and infrastructure Security agency told The Wall Street that SolarWinds has no direct link to the 30 percent of the private sectors and government victims of the massive hacking campaign but investigators failed to identify another company whose products were widely compromised. SolarWinds’s investigation will be continued for at least one month due to the flawless campaign by the threat actors to remove evidence of their actions.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source