Last week, the news broke that the IT management company SolarWinds had been hacked, possibly by the Russian government, and that the U.S. Treasury, Commerce, Government, Energy and Homeland Security departments were affected, with emails possibly stolen from two of them as a result of the hack. Other government agencies and many companies are investigating because of SolarWinds’ extensive customer list. The Wall Street Journal now reports that some large technology companies are also affected.
Cisco, Intel, Nvidia, Belkin and VMware have computers on their networks that were infected with the malware. There could be many more: SolarWinds said that ‘less than 18,000’ companies are affected, as if that number were reassuring, and it has even tried to hide the list of customers using the infected software. Today’s news moves some of SolarWinds’ big-name clients from ‘possibly affected’ to ‘confirmed’.
At the moment, the big tech companies all tell the same story, which amounts to ‘we are investigating, but we do not think it has affected us.’ But as we have repeatedly learned in cases like the 2016 hack of the Democratic National Committee’s email, it can take a long time before the full impact of a hack is understood. Once hackers are inside a system, it can also be difficult to know whether they are completely gone. As this Associated Press report explained, it is hard to fully trust a network after a hacker has been inside it.
In this case, investigators have a lot of data to look through: the hack is still ongoing and has been for months.
Complicating the investigation further, investigators found that another intrusion group had broken into SolarWinds using a similar tool. It was initially thought that this attack, called Supernova, was part of the main attack (known as Sunburst), but investigators now believe it was carried out by a second, less sophisticated group.
There are all sorts of reasons why a hacking group might want to compromise systems at a large technology company, including access to future product plans or to information about employees and customers that can be sold or held for ransom, assuming they are actually going after that information. But it is also possible that these companies suffered only collateral damage as the hacking groups went after government agencies, which happened to use the same SolarWinds IT management systems. At the moment, none of these companies seems particularly concerned. Compare that to the US Government’s computer security organization, which announced that every federal agency must shut down its SolarWinds systems immediately.