Almost a month after the SolarWinds cyberattack was discovered, investigations are ongoing to better understand the hackers’ process. While researchers tend to confirm the Russian origin of the hack, we are now learning that the attack began much earlier than we thought, reports the Wall Street Journal.
In fact, SolarWinds has stated that hackers accessed its systems as early as September 2019. Experts believe that preparation for the cyberattack, one of the most successful cyber espionage missions in history, goes back much further than that date. As of October 2019, the Orion software that the hackers used to carry out their attacks already contained changes made to test their ability to inject malicious code into the system.
The code was then inserted in February 2020 and the update containing the malware was released a month later. With the help of cybersecurity experts, SolarWinds learned that the hackers were circumventing software security by impersonating network traffic carried by US servers. According to investigators, the attackers managed to gain access to a system that the Texan company uses to develop its software, but investigators still don't know exactly how the attackers used it.
As a reminder, the discovery of the malware known as Sunburst was announced on December 12, 2020. For several months, companies and government agencies were spied on by hackers, most likely Russian, as explained by the American authorities. Among the victims of this cyber espionage are giants of the technology industry such as Microsoft, Cisco, Nvidia and Intel. Worse, a dozen American departments were also targeted. This is particularly the case with the Justice Department, whose messaging systems were targeted.
The investigation is now trying to find out how the code that led to the cyberattack could have got into the software undetected. For its part, SolarWinds is reviewing numerous requests from its customers for information that will enable it to better understand the attack. The company claims to have already identified two past incidents that could be related to this attack.