The Fraud Examiner

What You Need to Know About the SolarWinds Cyberattack
 

Ron Cresswell, J.D., CFE
Research Specialist, Association of Certified Fraud Examiners


On December 13, 2020, media outlets first reported that a massive cyberattack had penetrated several U.S. government agencies. In the days that followed, investigators determined that the SolarWinds cyberattack had breached the computer networks of more than 250 government and private entities, including the U.S. Department of Homeland Security and Microsoft. Most experts believe that the attack was a Russian operation. While the full scope of the SolarWinds cyberattack is still unclear, it appears to be one of the largest and most consequential cyberattacks ever conducted.

The SolarWinds cyberattack

SolarWinds is a software company based in Austin, Texas. The company’s software permits clients to monitor and manage what occurs on their computer networks. Nearly every Fortune 500 company uses SolarWinds software, as do numerous U.S. government agencies.

At some time prior to 2020, hackers gained access to SolarWinds’ network, possibly by exploiting the company’s Microsoft Office 365 account. Between March and June 2020, the hackers installed malware into software updates for a popular SolarWinds product called Orion. SolarWinds clients who installed the compromised software updates also introduced the hackers’ malware into their networks. The malware permitted the hackers to access and exploit the clients’ networks, including their Microsoft email accounts. According to SolarWinds, 18,000 clients downloaded the compromised updates.

The cyberattack went undetected until December. On December 7, a cybersecurity firm called FireEye announced that hackers had breached its network and stolen its software. FireEye discovered the link to the SolarWinds updates a few days later. On December 12, FireEye notified SolarWinds that its software updates had been compromised by a cyberattack. On the same day, the U.S. National Security Council held an emergency meeting at the White House to discuss the cyberattack and the possibility that multiple government agencies had been breached. The media began to report on the cyberattack the next day.

