ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

SEC Sues IT Firm SolarWinds Over One of the Worst Cyber Espionage Hacks in US History; Here's Why

The cyberattack was allegedly carried out by a group of Russian hackers called "NOBELIUM".
PUBLISHED NOV 27, 2023
Image source: Getty Images | Photo by Chip Somodevilla
Image source: Getty Images | Photo by Chip Somodevilla

US regulators have sued IT firm SolarWinds, which was targeted by a Russian-backed hacking group in a cyberespionage campaign, for fraud and failure to disclose alleged security deficiencies. The stunning hack was one of the largest cyberattacks in the US history, which compromised the data of several companies and government agencies. The suit also named the company’s top security executive while seeking his removal, unspecified civil penalties, and reimbursement of “ill-gotten gains”.



 

SolarWinds is a major IT/software company based in Austin, Texas. It provides system management tools for network and infrastructure monitoring, along with technical services to hundreds of thousands of organizations around the world. One of the company's products is an IT performance monitoring system called Orion which was the primary target of the hack.



 

As an IT monitoring system, SolarWinds Orion had privileged access to the IT systems of several companies and government agencies. Thus its wide deployment made it a lucrative and attractive target. In the attack, the hackers used a method called a ‘supply chain attack’ to insert malicious code into the Orion system. In this type of attack, a third party with access to various organizations' systems is targeted by focusing on weaker links in the organization's supply chain.

In this case, the SolarWinds Orion platform created a backdoor for hackers who impersonated users and accounts of victim organizations. The malware can also allow access to system files without detection, even by an antivirus software. In the hack, the attackers gained access to the networks, systems, and data of thousands of SolarWinds Orion customers.

Photo illustration, of a hacker with an Anonymous mask on his face | Getty Images | Photo by Chesnot
Getty Images | Photo by Chesnot

In this hack, Microsoft has suspected the hackers to be from the group known as NOBELIUM. Microsoft refers to the group as an advanced and persistent adversary because of its tenacious attacks and ever-evolving nature.

Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle
Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle

In the attack, the data, networks, and systems of over 30,000 public and private organizations were compromised, as per Fortune. The victims included state and federal agencies including, the Justice and Homeland Security departments. Apart from SolarWinds clients, the hack exposed the inner workings of Orion users, and the hackers could potentially gain access to the data and networks of their customers and partners as well.

In the 68-page complaint filed in New York federal court, the SEC has accused SolarWinds and its then vice president of security, Tim Brown, of defrauding their investors and customers. The SEC has accused them of making “misstatements, omissions and schemes” that concealed their “poor cybersecurity practices and its heightened and increasing cybersecurity risks," as per the official release

Gurbir S. Grewal, the SEC’s enforcement division director, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years and deprived investors of accurate material information.

 Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago
Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago

The SEC also alleged that an internal SolarWinds presentation shared in 2020 had warned about the company’s network being “not very secure,” and vulnerable to hacking that could lead to “major reputation and financial loss,” the release said.  The SEC also alleged that many employees including Brown had made multiple communications questioning the company’s ability to protect itself from cyberattacks.

Meanwhile, SolarWinds has called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk,” a Fortune report said.

MORE ON MARKET REALIST
The owner of the collection of Danny Lyon SNCC Civil Rights Posters was left astonished in the end.
22 hours ago
After Harrison bought a signed speed bag for $250, he happened to meet the star at a dinner.
1 day ago
The contestant, Doug, had a hard time coming up with a sensible answer.
1 day ago
While Jennings performed a half-baked trick, it still managed to thoroughly entertain the fans.
1 day ago
The player, Andy Schwartz registered the first loss of a car since Seacrest took over as host.
2 days ago
The guest kept his grandparents' antique instruments under his bed for years.
2 days ago
Harris wasn't the only one who came up with an answer that shocked everyone.
2 days ago
Despite getting a high auction estimate, the owner of the Meiji Period lamp chose to keep it.
2 days ago
The player, Gabriel Berkowitz pulled off a perfect night winning over $45,000 and a car.
3 days ago
Harvey showed no mercy after he found out that Sweet Lou Dunbar didn't know how apps work.
3 days ago
The founder of Plop Star made an unforgettable entry and a sad exit from the show.
4 days ago
The host is otherwise quick to reprimand families for backing absurd answers.
4 days ago
While the Marvel comic book fetched a $50,000 appraisal, Harrison felt it was too rich for him.
4 days ago
Jimmy Alexander became the first player to lose a brand-new car on season 43 of the show.
5 days ago
The contestant, Brianne Peterson got extremely unlucky with her letter picks for the final puzzle.
5 days ago
The guest was told that the Jasper Johns Flag Print wouldn't be valuable but it was worth thousands.
5 days ago
It didn’t help that Alvin Rosales was playfully scolded by the host just before losing the Bonus Round.
5 days ago
The photos featured some looks of the show's legendary former host, Alex Trebek, as well.
5 days ago
The player, Kate Stuntz, pulled off a miraculous win to take home over $68,000 and a trip to Iceland.
6 days ago
The owner couldn’t believe the value of Jane Peterson’s "The Floats" gouache painting.
6 days ago