Despite its very public uncovering, it now seems, not everything about the SolarWinds hack has been accounted for by investigators.
According to a Wall Street Journal report, hackers linked to China were also able to exploit an unrelated and less pronounced flaw uncovered by the SolarWinds software that gave them access to the Agriculture Department’s network recently.
While the eight-week investigation into the original SolarWinds hack continues, it would seem SolarWinds CEO Sudhakar Ramakrishna and investigators have identified the company’s Microsoft Office 365 platform as the point of entry for the sophisticated phishing scheme.
“Some email accounts were compromised. That led them to compromise other email accounts and as a result our broader [Office] 365 environment was compromised.”
Similar to earlier reporting, Ramakrishna’s identification lines up with a broader phishing attack that was spread through the company’s email system. While Microsoft’s Outlook mail service may have been the vehicle of transmission for the SolarWinds hack, internal investigations are proving that the attack was years in the making. According to investigators, hackers had found a way to “turn SolarWinds’ own software update into a digital Trojan horse,” as far back as 2019.
Perhaps, more troubling than the amount of time hackers had with SolarWinds’ software is that CrowdStrike Holdings VP of intelligence Adam Meyers is on record as saying, “I don’t even know that we’ve scratched the surface on this thing,” as his company has been tasked with figuring out the hack.
The recent uncovering of a China-based hacking organization also exploiting SolarWinds months after its initial exploit is further evidence of how sophisticated the attack was as well as how sprawling its effects are becoming.
