- #Solarwinds products update#
- #Solarwinds products full#
- #Solarwinds products software#
- #Solarwinds products code#
#Solarwinds products software#
NPR's months-long examination of that landmark attack - based on interviews with dozens of players from company officials to victims to cyber forensics experts who investigated, and intelligence officials who are in the process of calibrating the Biden administration's response - reveals a hack unlike any other, launched by a sophisticated adversary who took aim at a soft underbelly of digital life: the routine software update.īy design, the hack appeared to work only under very specific circumstances. On Thursday, the Biden administration announced a roster of tough sanctions against Russia as part of what it characterized as the "seen and unseen" response to the SolarWinds breach. We are still conducting the investigation." "If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less.
#Solarwinds products code#
"Eighteen thousand was our best estimate of who may have downloaded the code between March and June of 2020," Sudhakar Ramakrishna, SolarWinds president and CEO, told NPR.
#Solarwinds products update#
Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion's software and then used it as a vehicle for a massive cyberattack against America. The routine update, it turns out, is no longer so routine. Customers simply had to log into the company's software development website, type a password and then wait for the update to land seamlessly onto their servers. It was supposed to provide the regular fare - bug fixes, performance enhancements - to the company's popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company's network. Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. The next morning, rather like the shoemaker and the elves, our software is magically transformed.
A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The routine software update may be one of the most familiar and least understood parts of our digital lives. "This release includes bug fixes, increased stability and performance improvements." In the global cybersecurity game of cat and mouse, the SolarWinds attack has significantly upped the ante.An NPR investigation into the SolarWinds attack reveals a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives. Smith categorized the ongoing SolarWinds hack as a "moment of reckoning," stating his belief that "We need strong steps to hold nation-states accountable for cyberattacks." Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others. We have not found evidence of access to production services or customer data. Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed.
#Solarwinds products full#
Brad Smith's full statement is available to read on the Official Microsoft Blog. The Department for Homeland Security also corroborated the denial. However, Microsoft President Brad Smith issued a statement denying that their products were co-opted into the attack. Some publications suggested that Microsoft's compromised products, such as Azure and Active Directory, were then used as attack tools against other victims. Microsoft was using SolarWinds Orion, the remote management software at the root of the attack. Microsoft Falls Victim to SolarWinds Hack
Microsoft has confirmed that the company is a victim of the SolarWinds hack, as the suspected nation-state attack claims another major scalp.Īn NSA advisory released on 17 December 2020 referenced Microsoft products such as Azure and Active Directory, which the technology giant later confirmed.