What you need to know
- The SolarWinds attack may have started much earlier than previously believed
- The president and CEO of SolarWinds specified that hackers may have been in its environment as early as January 2019.
- Previous reports indicated that the attack started before October 2019.
Hackers may have been present inside the SolarWinds environment as early as January 2019. It was previously believed that the SolarWinds attack began sometime before October 2019. The new information comes from SolarWinds president and CEO Sudhakar Ramakrishna, who discussed the attack during the RSA Conference (via PCMag).
Ramakrishna spoke with Forrester VP Laura Koetzle in a pre-taped interview for the virtual RSA Conference. "The tradecraft the attackers used was extremely well done and extremely sophisticated," explained Ramakrishna. He added that the attack was possible because it had the resources of a nation-state behind it. The U.S. government has accused Russia of being behind the SolarWinds attack.
Ramakrishna called the actions in January 2019 "very early recon activities" but did not disclose any other specifics.
The SolarWinds attack was initially made public in December 2020. It targetted major companies, including Microsoft, Intel, and Cisco. The attacks also went after several government agencies, including the Pentagon, the Department of Homeland Security, the State Department, the Treasury, and the National Nuclear Security Administration.
Microsoft president Brad Smith said that the SolarWinds attack was probably "the largest and most sophisticated attack the world has ever seen." Microsoft identified over 40 of its customers as targets of the attack, 80% of which were in the U.S.
The crux of the attack was the SolarWinds Orion software, which is used to distribute software updates. Hackers gained access to this software and used it to spread malware to customers.
