ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

SEC Sues IT Firm SolarWinds Over One of the Worst Cyber Espionage Hacks in US History; Here's Why

The cyberattack was allegedly carried out by a group of Russian hackers called "NOBELIUM".
PUBLISHED NOV 27, 2023
Image source: Getty Images | Photo by Chip Somodevilla
Image source: Getty Images | Photo by Chip Somodevilla

US regulators have sued IT firm SolarWinds, which was targeted by a Russian-backed hacking group in a cyberespionage campaign, for fraud and failure to disclose alleged security deficiencies. The stunning hack was one of the largest cyberattacks in the US history, which compromised the data of several companies and government agencies. The suit also named the company’s top security executive while seeking his removal, unspecified civil penalties, and reimbursement of “ill-gotten gains”.



 

SolarWinds is a major IT/software company based in Austin, Texas. It provides system management tools for network and infrastructure monitoring, along with technical services to hundreds of thousands of organizations around the world. One of the company's products is an IT performance monitoring system called Orion which was the primary target of the hack.



 

As an IT monitoring system, SolarWinds Orion had privileged access to the IT systems of several companies and government agencies. Thus its wide deployment made it a lucrative and attractive target. In the attack, the hackers used a method called a ‘supply chain attack’ to insert malicious code into the Orion system. In this type of attack, a third party with access to various organizations' systems is targeted by focusing on weaker links in the organization's supply chain.

In this case, the SolarWinds Orion platform created a backdoor for hackers who impersonated users and accounts of victim organizations. The malware can also allow access to system files without detection, even by an antivirus software. In the hack, the attackers gained access to the networks, systems, and data of thousands of SolarWinds Orion customers.

Photo illustration, of a hacker with an Anonymous mask on his face | Getty Images | Photo by Chesnot
Getty Images | Photo by Chesnot

In this hack, Microsoft has suspected the hackers to be from the group known as NOBELIUM. Microsoft refers to the group as an advanced and persistent adversary because of its tenacious attacks and ever-evolving nature.

Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle
Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle

In the attack, the data, networks, and systems of over 30,000 public and private organizations were compromised, as per Fortune. The victims included state and federal agencies including, the Justice and Homeland Security departments. Apart from SolarWinds clients, the hack exposed the inner workings of Orion users, and the hackers could potentially gain access to the data and networks of their customers and partners as well.

In the 68-page complaint filed in New York federal court, the SEC has accused SolarWinds and its then vice president of security, Tim Brown, of defrauding their investors and customers. The SEC has accused them of making “misstatements, omissions and schemes” that concealed their “poor cybersecurity practices and its heightened and increasing cybersecurity risks," as per the official release

Gurbir S. Grewal, the SEC’s enforcement division director, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years and deprived investors of accurate material information.

 Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago
Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago

The SEC also alleged that an internal SolarWinds presentation shared in 2020 had warned about the company’s network being “not very secure,” and vulnerable to hacking that could lead to “major reputation and financial loss,” the release said.  The SEC also alleged that many employees including Brown had made multiple communications questioning the company’s ability to protect itself from cyberattacks.

Meanwhile, SolarWinds has called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk,” a Fortune report said.

MORE ON MARKET REALIST
Sometimes the host of Family Feud just wants the chaos to end as it gets too much.
58 minutes ago
The show took a hilarious turn when a contestant gave a bold answer that caught the host completely off guard.
2 hours ago
Despite talking through her guesses, Carrie Trujillo couldn't crack the puzzle and failed to win $40,000.
3 hours ago
Robert Herjavec and Lori Greiner rubbed it in O'Leary's face by celebrating their deal with Phoozy
23 hours ago
Duc and Lisa Nguyen's stubbornness paid off, as the co-founders of Baubles + Soles got Daymond John as a partner.
1 day ago
The player got the host to be candid about his fears and his mother's opinion on him.
1 day ago
Justin Baer, founder of Collars & Co., was looking for mentorship from the Sharks in addition to a $300,000 investment.
1 day ago
She said that her husband may still have to buy a dog as America may hold him accountable.
1 day ago
When Harrison knew that the 18th-century map was the real deal, he made a genuine offer.
2 days ago
10 years after her sister’s win, Chelsea Hall hit the jackpot on ‘WoF’ with a brand new Mini Cooper and a cash prize.
2 days ago
The co-founders of BuggyBeds wowed the Sharks so much, they were "itching" to invest, and offered a $250k deal.
2 days ago
The guests were left stunned to find out just how much the repairs would cost.
3 days ago
Unfortunately for the seller, she allegedly got robbed of a significant amount of money.
3 days ago
Not only did the co-creators of FlingGolf get a $300,000 deal, they proved Mr Wonderful wrong.
3 days ago
The guest never imagined the old, autographed sneakers that his mom acquired could be worth so much.
4 days ago
The gameshow whiz did it again by bagging the top prize on yet another trivia test.
4 days ago
Riccardi took to Reddit to clear the air around his stunning loss which was facing scrutiny.
4 days ago
Fans gathered on the show's unofficial Reddit forum to discuss the 'dumb and useless' items.
4 days ago
The contestant, Matt Benton expressed he wanted to enjoy the moment before thinking of the future.
5 days ago
The guest who treasured the collection had no idea how significant it was.
5 days ago