SEC Sues IT Firm SolarWinds Over One of the Worst Cyber Espionage Hacks in US History; Here's Why

US regulators have sued IT firm SolarWinds, which was targeted by a Russian-backed hacking group in a cyberespionage campaign, for fraud and failure to disclose alleged security deficiencies. The stunning hack was one of the largest cyberattacks in the US history, which compromised the data of several companies and government agencies. The suit also named the company’s top security executive while seeking his removal, unspecified civil penalties, and reimbursement of “ill-gotten gains”.

What is SolarWinds?

SolarWinds is a major IT/software company based in Austin, Texas. It provides system management tools for network and infrastructure monitoring, along with technical services to hundreds of thousands of organizations around the world. One of the company's products is an IT performance monitoring system called Orion which was the primary target of the hack.

What happened in the cyberattack?

As an IT monitoring system, SolarWinds Orion had privileged access to the IT systems of several companies and government agencies. Thus its wide deployment made it a lucrative and attractive target. In the attack, the hackers used a method called a ‘supply chain attack’ to insert malicious code into the Orion system. In this type of attack, a third party with access to various organizations' systems is targeted by focusing on weaker links in the organization's supply chain.

In this case, the SolarWinds Orion platform created a backdoor for hackers who impersonated users and accounts of victim organizations. The malware can also allow access to system files without detection, even by an antivirus software. In the hack, the attackers gained access to the networks, systems, and data of thousands of SolarWinds Orion customers.

Who were the hackers?

In this hack, Microsoft has suspected the hackers to be from the group known as NOBELIUM. Microsoft refers to the group as an advanced and persistent adversary because of its tenacious attacks and ever-evolving nature.

Consequences of the Attack

In the attack, the data, networks, and systems of over 30,000 public and private organizations were compromised, as per Fortune. The victims included state and federal agencies including, the Justice and Homeland Security departments. Apart from SolarWinds clients, the hack exposed the inner workings of Orion users, and the hackers could potentially gain access to the data and networks of their customers and partners as well.

SEC’s lawsuit

In the 68-page complaint filed in New York federal court, the SEC has accused SolarWinds and its then vice president of security, Tim Brown, of defrauding their investors and customers. The SEC has accused them of making “misstatements, omissions and schemes” that concealed their “poor cybersecurity practices and its heightened and increasing cybersecurity risks," as per the official release. 

Gurbir S. Grewal, the SEC’s enforcement division director, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years and deprived investors of accurate material information.

The SEC also alleged that an internal SolarWinds presentation shared in 2020 had warned about the company’s network being “not very secure,” and vulnerable to hacking that could lead to “major reputation and financial loss,” the release said.  The SEC also alleged that many employees including Brown had made multiple communications questioning the company’s ability to protect itself from cyberattacks.

Meanwhile, SolarWinds has called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk,” a Fortune report said.