Security Experts:

Connect with us

Hi, what are you looking for?



Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report

It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports.

It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports.

The New York Times reported over the weekend that the SolarWinds supply chain attack is believed to have impacted as many as 250 government agencies and businesses.

It was previously revealed that the list of victims included major tech companies such as Microsoft, Cisco and VMware, and U.S. government agencies such as the State Department, Commerce Department, Treasury, DHS, and the National Institutes of Health.

Microsoft admitted recently that the attackers gained access to some of its source code, but the company claimed they couldn’t have made any modifications to the code.

The New York Times also learned that some SolarWinds software is maintained in Eastern Europe and investigators in the U.S. are now trying to determine if the breach originated there.

This link to Eastern Europe has raised some concerns considering that many believe the attack was conducted by hackers connected to Russian intelligence.

In the meantime, SolarWinds continues to share updates regarding its investigation into the incident. The supply chain attack involved the use of trojanized updates for the company’s Orion monitoring product in an effort to deliver, among other things, a piece of malware named SUNBURST.

However, investigations revealed the existence of a different piece of malware, named SUPERNOVA, that may have been used by a different threat actor as part of an operation that may not be related to the supply chain attack.

SolarWinds and others are trying to determine if SUPERNOVA, whose delivery involved exploitation of a zero-day vulnerability, is connected to SUNBURST. In its latest update, the company said it does “not have a definitive answer at this time” regarding SUNBURST and SUPERNOVA possibly being related.

On December 18, shortly after the SolarWinds breach came to light, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive instructing federal agencies to immediately take steps to detect, investigate and respond to potential intrusions. On December 30, CISA issued supplemental guidance to help government organizations mitigate the threat.

Related: Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank

Related: SolarWinds Likely Hacked at Least One Year Before Breach Discovery

Related: SolarWinds Claims Execs Unaware of Breach When They Sold Stock

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...