Austin Texas-based SolarWinds says it has reverse-engineered code used to carry out one of the most extensive and damaging cyber attacks to date. An article in the Austin American-Statesman provides an update on developments in this story, quoting from among other sources a SolarWinds SEC filing. The company makes network and IT management software, which meant the infection went from SolarWinds to its clients, including numerous government agencies and departments – among them Homeland Security and the Department of Energy – as well as major companies, including Microsoft. All are understood to have been breached and their data made visible, for how long and to what extent yet to be determined, if it ever will be.
Federal officials say the attack likely came from Russia. The Washington Post, based on unnamed sources, also traces it back to Russian hackers, specifically Russian government hackers. SolarWinds itself says it cannot independently confirm the source of the breach.
In a separate article, the Austin newspaper has reported on the first of what could be numerous lawsuits targeting the company. A putative class action claims that SolarWinds made false and misleading statements regarding its cybersecurity in SEC filings.
Today’s General Counsel / DR