Russian data hack saga on SolarWinds seems to be a never-ending story

A new story is emerging day by day when it comes to the data hack of SolarWinds. And according to the latest update provided from a resource of Microsoft, the source code of certain Microsoft Products was accessed by hackers in Orion platform related supply chain cyber attack.

Although Microsoft claims that the latest hack doesn’t do much of the damage to its reputation, as it has already open sourced most of its product codes; security experts say that the attack on SolarWinds by Russia could spell a doom for over 250 federal agencies operating from in & around United States.

The latest on the story goes as follows- In December 2017, the Cybersecurity advisor of SolarWinds is reported to have warned the CEO about a catastrophic cyber attack if the internal security measures weren’t amped up.

However, the CEO is said to have ignored the words spoken by Ian Thornton Trump and moved certain engineering operations to Eastern Europe- Poland, Belarus and Czech Republic. Although the move bagged profits at triple scale to the company, it eventually led to a data breach that started in Oct’19 and went unnoticed till the last week of March’2020 that came to the attention of media in Nov’2020.

Last December, it was revealed in a detailed probe conducted by FBI that a sprawling cyber espionage attack was conducted by a Russian funded hacking group that impacted the servers of over 250 US federal agencies through the SolarWinds developed Orion software that was filled with flaws.

As Cybersecurity warnings issued by Ian Trump were never taken seriously by the SolarWinds management since 2017, he resigned the firm in early 2018.

Note 1- A report from security firm FireEye claims that the federal agencies that were targeted by hackers in the cyber attack were the Pentagon, The Treasury, FBI, The Department of State, Commerce Department, Department of Homeland Security, Department of Energy, National Nuclear Security Administration, Los Alamos National Laboratory, Federal Energy Regulatory Commission, and Office of Secure Transportation are confirmed to have become the victims to the cyber attack. And the list excludes private entities like Microsoft and Cisco.

Note 2- In December 2020, CEO Kevin Thompson announced that he will leave the company that will be taken over by Sudhakar Ramakrishna from Jan’2021.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display