Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

SolarWinds Hires New Cybersecurity Firm Founded by Former CISA Director Chris Krebs and Alex Stamos, Former Security Chief at Yahoo and Facebook

SolarWinds Hires New Cybersecurity Firm Founded by Former CISA Director Chris Krebs and Alex Stamos, Former Security Chief at Yahoo and Facebook

Following a significant security incident that sent shockwaves through the global cybersecurity community, SolarWinds has hired a newly formed cybersecurity consulting firm founded by Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Alex Stamos, former security chief at Facebook and Yahoo.

Generically named the Krebs Stamos Group (KSG), its website currently shows limited information about the firm, saying its goal is to “help organizations turn their greatest cybersecurity challenges into triumphs.”

Krebs Stamos GroupThe consulting firm will apparently help customers assess their security posture, provide them with advice on “critical, long-lasting decisions,” and help them create cybersecurity teams, processes, programs and culture. 

SolarWinds confirmed on Thursday that it has hired the company launched by Krebs and Stamos.

“We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company,” SolarWinds said in a statement to the media.

SecurityWeek has reached out to KSG for additional information about the company and its work for SolarWinds, but the company has yet to respond.

Krebs was fired from CISA in November by U.S. President Donald Trump after he refuted claims of electoral fraud and vouched for the integrity of the recent presidential election. After leaving Facebook in August 2018, Stamos became director of the Internet Observatory at Stanford University.  

In the meantime, the U.S. government and cybersecurity companies continue to investigate the SolarWinds breach. According to some media reports, investigators are looking into the potential role played in the attack by a product from JetBrains, a software development firm based in the Czech Republic.

JetBrains said it was not aware of any investigation, but did not rule out that its TeamCity software was somehow exploited by hackers, either due to a misconfiguration or a vulnerability.

The United States this week officially said Russia was likely behind the attack on SolarWinds, an accusation that the Kremlin has denied. There is also some evidence that a second, unrelated threat actor may have also targeted SolarWinds.

While SolarWinds said that 18,000 customers may have used a compromised verison of its Orion product, the fallout is believed to have resulted in at least 250 private sector and government organizations being breached. The list of government victims includes the U.S. Justice Department, which admitted this week that hackers may have accessed some Microsoft 365 email accounts, but claimed there was no evidence that classified systems were compromised. 

Related: Investigation Launched Into Role of JetBrains Product in SolarWinds Hack

Related: Class Action Lawsuit Filed Against SolarWinds Over Hack

Related: Cyberattack Hit Key US Treasury Systems: Senator

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.


Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.