IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

SolarWinds hackers first breached systems in September 2019

The company is facing a class action lawsuit filed by its shareholders

The investigation into the SolarWinds cyber attack has revealed that hackers may have had access to the company’s internal systems since September 2019 – over a year before the incident was reported.

On 14 December, the software company confirmed that its systems had fallen victim to “a highly sophisticated, manual supply chain attack” which “intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack”.

However, SolarWinds’s president and CEO Sudhakar Ramakrishna has now revealed that the investigation of the incident now lists 4 September 2019 as the probable start of the chain of the events. It is on that day that threat actors are believed to have accessed SolarWinds internal systems, before injecting a test code and beginning trial runs three months later in December 2019.

“Our current timeline for this incident begins in September 2019, which is the earliest suspicious activity on our internal systems identified by our forensic teams in the course of their current investigations,” Ramakrishna revealed in a company blog post.

“The subsequent October 2019 version of the Orion Platform release appears to have contained modifications designed to test the perpetrators’ ability to insert code into our builds,” he said.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

The timeline of the incident might be particularly significant given the news that SolarWinds is facing a class action lawsuit filed by its shareholders. The complaint alleges that the company failed to disclose that SolarWinds’ Orion monitoring products had a vulnerability that allowed hackers to compromise the server since mid-2020. It also alleges that the company had set an easily-breachable password for the SolarWinds' update server, which ultimately resulted in SolarWinds' customers, including the US government, Microsoft, Cisco, and Nvidia, being vulnerable to hacks.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022