Around 18,000 organizations and individuals who use SolarWinds software are believed to have been hacked along with multiple U.S. companies and government agencies for months. The full extent of those affected in the hack is not known, but the Pentagon, Department of Homeland Security (DHS) and the State Department are among known SolarWinds users.
The hack was first reported on Sunday, and SolarWinds has since determined the widespread hacks were carried out after hackers “inserted a vulnerability” into the company’s Orion line of software products.
The U.S. Securities and Exchanges Commission (SEC) also issued a report estimating the full range of users compromised by the hack. The SEC report noted SolarWinds has over 300,000 customers, but only about 33,000 users of the Orion product line that was targeted by hackers. SolarWinds notified all 33,000 of its Orion users, but the SEC said the insertion of malicious software into the Orion product line took place between March and June of this year. Based on that timeline and its list of potentially affected products, SolarWinds believes the actual number of customers who updated their Orion products with the malicious software was less than 18,000 users.
SolarWinds said the list of its Orion products that could have been affected during the hacking period include:
- Application Centric Monitor (ACM)
- Database Performance Analyzer Integration Module* (DPAIM*)
- Enterprise Operations Console (EOC)
- High Availability (HA)
- IP Address Manager (IPAM)
- Log Analyzer (LA)
- Network Automation Manager (NAM)
- Network Configuration Manager (NCM)
- Network Operations Manager (NOM)
- Network Performance Monitor (NPM)
- NetFlow Traffic Analyzer (NTA)
- Server & Application Monitor (SAM)
- Server Configuration Monitor (SCM)
- Storage Resource Monitor (SRM)
- User Device Tracker (UDT)
- Virtualization Manager (VMAN)
- VoIP & Network Quality Manager (VNQM)
- Web Performance Monitor (WPM)
U.S. authorities have not determined definitively who was responsible for the hack, but it suspected to be the work of a foreign government-backed hacking group and the New York Times reported the hackers may have been sponsored by the Russian government.
While targets of the SolarWinds hack included the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), there is no complete list of the government departments and agencies and U.S. companies compromised in the hack.
Bloomberg reported U.S. government departments targeted included the Department of Homeland Security (DHS), the State Department, the National Institute of Health (NIH) as well as some parts of the Department of Defense were targeted in the hack. The New York Times reported SolarWinds products are used throughout nearly all Fortune 500 companies, including the New York Times itself. The New York Times also reported SolarWinds is used by the Los Alamos National Laboratory, which designs nuclear weapons, and by Boeing, a major U.S. defense contractor.
Following the hack, the Verge reported SolarWinds deleted a list of high profile clients from its website, though an archived copy of the client page states 425 of the Fortune 500 companies use their products, as well as all branches of the U.S. military, the National Security Agency (NSA), and even the Office of the President of the United States. The company’s software is also used by all of the top five U.S. accounting firms and hundreds of colleges and universities around the world. It is not immediately clear if these SolarWinds clients specifically used the affected products listed.