Monday, December 21, 2020

SolarWinds Hack Victims: From Tech Companies to a Hospital and University

The suspected Russian hackers behind breaches at U.S. government agencies also gained access to major U.S. technology and accounting companies, at least one hospital and a university, a Wall Street Journal analysis of internet records found.

The victims offer a small window into the sweeping scope of the hack, which could have ensnared as many as 18,000 of Austin-based SolarWinds Corp.'s customers, the company said, after hackers laced a routine software update with malicious code.

The uncertainty has left SolarWinds' customers-which include major technology companies, more than 400 Fortune 500 companies and many government agencies-scrambling to determine the fallout and whether the hackers remain inside.

"Customers are definitely freaking out," said David Kennedy, whose company, TrustedSec LLC, is investigating the hack.

For many companies the concern is whether the attackers stole data or remain undetected within corporate networks, he said.

What's more, because the attack dates back many months, some companies may no longer have the forensic data needed to do a complete investigation.

Microsoft, itself a SolarWinds customer, said last week it had also detected malicious software related to the hack on its own network but "No indications that our systems were used to attack others," a company spokeswoman said.
 

https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402?mod=hp_lead_pos11 

No comments: