Texas-based IT management and monitoring solutions provider SolarWinds told the U.S. Securities and Exchange Commission (SEC) that its executives were not aware that the company had been breached when they decided to sell stock.
News that SolarWinds was breached as part of what appears to be a sophisticated cyber-espionage campaign had a significant impact on the value of the company’s shares.
Just days before the hack came to light, the firm’s two biggest investors, Silver Lake and Thoma Bravo, sold more than $280 million in stock to a Canadian public pension fund. The investors said in a statement that they were not aware of the cyberattack when they sold the stock.
While SolarWinds initially did not respond to requests for comment on the suspicious timing of the stock sales, the company told the SEC in a filing that “all sales of stock by executive officers in November were made under pre-established Rule 10b5-1 selling plans and not discretionary sales.”
It’s worth noting that Equifax also claimed that its executives were not aware of the massive breach suffered by the company in 2017 when they sold stock, but it later turned out that insider trading did take place.
SolarWinds’ investigation is ongoing, but the company said it had found no evidence that the attackers targeted products other than its Orion monitoring platform. The attackers leveraged their access to push trojanized updates to as many as 18,000 customers between March and June 2020. However, security researchers determined that the firm was likely breached at least one year before the intrusion was discovered.
The number of major companies that have confirmed being impacted, at least to some extent, continues to grow. Cisco, VMware and Microsoft have confirmed finding compromised Orion software on their systems, but they all claimed impact was limited.
As for government targets, the list includes the State Department, Commerce Department, Treasury, Homeland Security Department, and the National Institutes of Health. A senator revealed on Monday that dozens of email accounts were compromised as part of the attack targeting the Treasury.
Shortly after the SolarWinds breach came to light, several people said the attack seemed to be the work of Russian cyberspies, which U.S. Secretary of State Mike Pompeo appeared to confirm on Friday. However, President Donald Trump suggested on Saturday that it may have been China, not Russia. Both China and Russia have denied the accusations.