ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

SEC Sues IT Firm SolarWinds Over One of the Worst Cyber Espionage Hacks in US History; Here's Why

The cyberattack was allegedly carried out by a group of Russian hackers called "NOBELIUM".
PUBLISHED NOV 27, 2023
Image source: Getty Images | Photo by Chip Somodevilla
Image source: Getty Images | Photo by Chip Somodevilla

US regulators have sued IT firm SolarWinds, which was targeted by a Russian-backed hacking group in a cyberespionage campaign, for fraud and failure to disclose alleged security deficiencies. The stunning hack was one of the largest cyberattacks in the US history, which compromised the data of several companies and government agencies. The suit also named the company’s top security executive while seeking his removal, unspecified civil penalties, and reimbursement of “ill-gotten gains”.



 

SolarWinds is a major IT/software company based in Austin, Texas. It provides system management tools for network and infrastructure monitoring, along with technical services to hundreds of thousands of organizations around the world. One of the company's products is an IT performance monitoring system called Orion which was the primary target of the hack.



 

As an IT monitoring system, SolarWinds Orion had privileged access to the IT systems of several companies and government agencies. Thus its wide deployment made it a lucrative and attractive target. In the attack, the hackers used a method called a ‘supply chain attack’ to insert malicious code into the Orion system. In this type of attack, a third party with access to various organizations' systems is targeted by focusing on weaker links in the organization's supply chain.

In this case, the SolarWinds Orion platform created a backdoor for hackers who impersonated users and accounts of victim organizations. The malware can also allow access to system files without detection, even by an antivirus software. In the hack, the attackers gained access to the networks, systems, and data of thousands of SolarWinds Orion customers.

Photo illustration, of a hacker with an Anonymous mask on his face | Getty Images | Photo by Chesnot
Getty Images | Photo by Chesnot

In this hack, Microsoft has suspected the hackers to be from the group known as NOBELIUM. Microsoft refers to the group as an advanced and persistent adversary because of its tenacious attacks and ever-evolving nature.

Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle
Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle

In the attack, the data, networks, and systems of over 30,000 public and private organizations were compromised, as per Fortune. The victims included state and federal agencies including, the Justice and Homeland Security departments. Apart from SolarWinds clients, the hack exposed the inner workings of Orion users, and the hackers could potentially gain access to the data and networks of their customers and partners as well.

In the 68-page complaint filed in New York federal court, the SEC has accused SolarWinds and its then vice president of security, Tim Brown, of defrauding their investors and customers. The SEC has accused them of making “misstatements, omissions and schemes” that concealed their “poor cybersecurity practices and its heightened and increasing cybersecurity risks," as per the official release

Gurbir S. Grewal, the SEC’s enforcement division director, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years and deprived investors of accurate material information.

 Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago
Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago

The SEC also alleged that an internal SolarWinds presentation shared in 2020 had warned about the company’s network being “not very secure,” and vulnerable to hacking that could lead to “major reputation and financial loss,” the release said.  The SEC also alleged that many employees including Brown had made multiple communications questioning the company’s ability to protect itself from cyberattacks.

Meanwhile, SolarWinds has called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk,” a Fortune report said.

MORE ON MARKET REALIST
Despite having just 25% ownership of her company, Meagan Bowman managed to bag a $400,000 deal.
19 hours ago
In the end, Harrison felt like he hit the jackpot as he knew every collector would be after the item.
20 hours ago
Former players and audience members shared how the show deals with controversial statements.
1 day ago
Fans were divided on whether Adam Wredberg's Bonus Round puzzle was solvable or not.
1 day ago
The lucky win delighted the fans as the contestant, Sunita Baru took home more than $50,000.
2 days ago
Chris and Jeanie Rodgers didn't just beat up the zombie on the show, but also had him present their product to the judges.
2 days ago
Fans on Reddit complained complained that some games are either overly difficult by design or favor only physically fit contestants.
2 days ago
Contestant Joey Sweet took the loss in stride, but the show's viewers weren't happy with the puzzle selection.
3 days ago
A lot of things on set were put to the test during the "Is it real or is it cake?" challenge, including the host.
3 days ago
Fans were left disappointed after the contestant, Alicia Slagle, failed to guess an easy phrase in the finale.
3 days ago
Jackie Fakhoury was also joined by her husband and son in celebration on stage.
4 days ago
The guest had no idea that her $30 ring was studded with diamonds and made of platinum.
4 days ago
In a rare event, Harrison didn't haggle the seller as he knew he had to make a deal for he coin.
4 days ago
The Bobek family, who came dressed in Polish Highlander attire, had the host grooving to their tunes.
5 days ago
Contestant Marie-Eve Augier’s smart letter choices turned the puzzle into an easy solve.
5 days ago
The Sharks felt that the founder of Besomebody didn't have the "capacity to listen."
6 days ago
Jennings shared how Trebek showed great resillience and showmanship during his last days on the show.
6 days ago
The contestant, Staci Urban put up a great show to win over $60,000 in one night.
6 days ago
The TikToker warned fellow shoppers about the risks of infection from the salmon.
7 days ago