Hackers had access to SolarWinds email system for months: report
Hackers involved in the recent breach of IT group SolarWinds, one of the largest cyber incidents in U.S. history, likely had access to the company’s email system for almost a year.
The Wall Street Journal reported late Tuesday that SolarWinds CEO Sudhakar Ramakrishna said in an interview that the hackers had accessed at least one of the company’s Office 365 email accounts in December 2019, beginning a chain of email compromises for other accounts.
“Some email accounts were compromised,” Ramakrishna told the publication. “That led them to compromise other email accounts and as a result our broader [Office] 365 environment was compromised.”
The new findings further complicate the investigation into the SolarWinds breach, first discovered this past December, which federal officials have attributed to sophisticated Russian hackers.
The breach potentially impacted up to 18,000 of SolarWinds’ domestic and international customers, including the Commerce, Defense, Energy, Homeland Security, State and Treasury departments. President Biden discussed the massive security breach during his first call in office with Russian President Vladimir Putin last month, and ordered the U.S. intelligence community to assess the impact of the breach.
SolarWinds has taken steps to increase security after the incident, including hiring a new cybersecurity consulting group headed by former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs and former Facebook Chief Security Officer Alex Stamos.
Ramakrishna, who took over as SolarWinds CEO at the beginning of January, told the Journal that his “attitude was to come in and assess first and figure out what we needed to do” in his new position.
The news came the same day Reuters reported that Chinese hackers had separately inserted malicious code into SolarWinds software, successfully compromising the Department of Agriculture’s National Finance Center and potentially other federal agencies over the course of the past year.
A spokesperson for SolarWinds stressed Tuesday that the Chinese hackers had been able to access the SolarWinds Orion software through breaching the customer’s network, and that the breach was “unrelated to SolarWinds.”
“We are aware of one instance of this happening and this is separate from the broad and sophisticated attack that targeted multiple software companies as vectors,” the SolarWinds spokesperson told The Hill.