Malware, distributed by SolarWinds Orion software updates, infected the networks of the White House, the DOJ, the State Department, NASA, NSA, the military, the top IT and telecommunications companies, and most of the Fortune 500 companies. Foreign governments and private companies have been hit, too. In total, up to 18,000 large entities have been infected by the malware.
The perpetrators of this malware attack were SolarWinds employees, not any outside party.
The idea that the malware was inserted not by SolarWinds employees but by outside attackers is preposterous and not supported by any evidence. The one and only source of this allegation is FireEye’s blog, which also claims that there is a nation-state behind the attack, without naming it. Remarkably, when filing the special SEC report on the subject, FireEye did not directly repeat this claim, but stated that it is on the company’s blog. SolarWinds, which should know for certain how the company became a malware distributor, refused to directly support this theory, but hinted at it: “On Saturday, December 12, our CEO was advised by an executive at FireEye of a security vulnerability in our Orion Software Platform … While security professionals and other experts have attributed the attack to an outside nation-state, we have not independently verified the identity of the attacker.”
The call that the alleged nation-state is Russia was made by the media without any evidence, for purely political reasons. These allegations were then repeated in an echo chamber and circularly referenced.
The motives of the SolarWinds employees behind the malware creation and distribution could be numerous, from opposition to President Trump, to aiding espionage by foreign nation-state(s). Ordinary criminal interest cannot be excluded.