A Homeland Security cybersecurity analyst circa Sept. 2010.
After infiltrating a Texas-based software company, an elite group of hackers turned its most widely used product into a Trojan horse. Their plan couldn’t have worked better. At least a half dozen government agencies (so far) and an untold number of America’s wealthiest corporations led them heedlessly right through the gates.
Virtually no one outside of the IT world had heard of SolarWinds before Monday, but it’s said to count among its corporate clientele hundreds of the country’s top revenue earners from nearly every facet of industry. The National Security Agency and many of the government’s other most well-guarded members have used its network management platform, including, as in at least the Army’s case, on communication networks handling classified information. That same software, known as Orion Platform, began quietly dispensing malware created to spy on its users and pilfer their most sensitive files, likely in March of this year.
According to SolarWinds, upwards of half of its 33,000 Orion customers may have been infected. For nine months, apparently, nobody noticed.
The Departments of State, Commerce, Treasury, and Homeland Security, as well as the National Institutes of Health, which conducts biomedical research on the government’s behalf, are among the list of federal agencies currently said to be victims of the attack, according to Washington Post reporting earlier this week. Politico reported Thursday that the Energy Department and its National Nuclear Security Administration, chiefly responsible for safeguarding the nation’s nuclear weapons, had also been compromised. (In a statement Thursday, an Energy spokesperson claimed the malware was “isolated to business networks only.”)