SolarWinds CEO: Attack Began Much Earlier Than Previously Thought


Level 14
Jan 21, 2018
"The attack on SolarWinds that resulted in malware being distributed to thousands of the company's customers started a full eight months earlier than previously thought.
At a keynote session at the RSA Conference today, SolarWinds CEO Sudhakar Ramakrishna said the company's continuing investigation of the breach shows the nation-state group behind it began probing SolarWinds' network as early as January 2019. The breach remained undetected until December 2020, or nearly two full years after the initial malicious activity.
Previously, it was widely believed that attackers first gained access to SolarWinds' systems in October 2019.

According to Ramakrishna, breach investigators assessed hundreds of terabytes of data and thousands of virtual build systems before stumbling about some old code configuration that pointed to exactly what the attackers did to gain initial access. Ramakrishna did not offer any details on what specifically that might have been.

But at a congressional hearing earlier this year, the former CEO of SolarWinds, Kevin Thompson, blamed an intern for publicly posting a password to a file transfer server on GitHub. SolarWinds has since clarified that the password--or its public posting--had absolutely nothing to do with the breach.

Ramakrishna expressed regret over those comments.

"What happened at the congressional hearing where we attributed it to an intern is not what we are about," he noted. "We have learned from that."