ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

SEC Sues IT Firm SolarWinds Over One of the Worst Cyber Espionage Hacks in US History; Here's Why

The cyberattack was allegedly carried out by a group of Russian hackers called "NOBELIUM".
PUBLISHED NOV 27, 2023
Image source: Getty Images | Photo by Chip Somodevilla
Image source: Getty Images | Photo by Chip Somodevilla

US regulators have sued IT firm SolarWinds, which was targeted by a Russian-backed hacking group in a cyberespionage campaign, for fraud and failure to disclose alleged security deficiencies. The stunning hack was one of the largest cyberattacks in the US history, which compromised the data of several companies and government agencies. The suit also named the company’s top security executive while seeking his removal, unspecified civil penalties, and reimbursement of “ill-gotten gains”.



 

SolarWinds is a major IT/software company based in Austin, Texas. It provides system management tools for network and infrastructure monitoring, along with technical services to hundreds of thousands of organizations around the world. One of the company's products is an IT performance monitoring system called Orion which was the primary target of the hack.



 

As an IT monitoring system, SolarWinds Orion had privileged access to the IT systems of several companies and government agencies. Thus its wide deployment made it a lucrative and attractive target. In the attack, the hackers used a method called a ‘supply chain attack’ to insert malicious code into the Orion system. In this type of attack, a third party with access to various organizations' systems is targeted by focusing on weaker links in the organization's supply chain.

In this case, the SolarWinds Orion platform created a backdoor for hackers who impersonated users and accounts of victim organizations. The malware can also allow access to system files without detection, even by an antivirus software. In the hack, the attackers gained access to the networks, systems, and data of thousands of SolarWinds Orion customers.

Photo illustration, of a hacker with an Anonymous mask on his face | Getty Images | Photo by Chesnot
Getty Images | Photo by Chesnot

In this hack, Microsoft has suspected the hackers to be from the group known as NOBELIUM. Microsoft refers to the group as an advanced and persistent adversary because of its tenacious attacks and ever-evolving nature.

Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle
Representative image of a protestor wearing a mask of 'Anonymous' | Getty Images | Photo by Denis Doyle

In the attack, the data, networks, and systems of over 30,000 public and private organizations were compromised, as per Fortune. The victims included state and federal agencies including, the Justice and Homeland Security departments. Apart from SolarWinds clients, the hack exposed the inner workings of Orion users, and the hackers could potentially gain access to the data and networks of their customers and partners as well.

In the 68-page complaint filed in New York federal court, the SEC has accused SolarWinds and its then vice president of security, Tim Brown, of defrauding their investors and customers. The SEC has accused them of making “misstatements, omissions and schemes” that concealed their “poor cybersecurity practices and its heightened and increasing cybersecurity risks," as per the official release

Gurbir S. Grewal, the SEC’s enforcement division director, said in a statement that SolarWinds and Brown ignored “repeated red flags” for years and deprived investors of accurate material information.

 Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago
Gurbir Grewal, Director of Enforcement for the Securities and Exchange Commission, speaks during a press conference | Getty Images | Photo by Michael M. Santiago

The SEC also alleged that an internal SolarWinds presentation shared in 2020 had warned about the company’s network being “not very secure,” and vulnerable to hacking that could lead to “major reputation and financial loss,” the release said.  The SEC also alleged that many employees including Brown had made multiple communications questioning the company’s ability to protect itself from cyberattacks.

Meanwhile, SolarWinds has called the SEC charges unfounded and said it is “deeply concerned this action will put our national security at risk,” a Fortune report said.

MORE ON MARKET REALIST
In an attempt to surprise Sandler, Spade ended up being more generous than he planned.
21 hours ago
The man's presence at a women-only poker event also sparked a huge online debate.
22 hours ago
He revealed that the piece of advice that changed his outlook toward money came from a celebrity business manager Lester Knispel.
1 day ago
The workers chose to stick to the company's core values and did the right thing.
1 day ago
The guest revealed that she didn't know about the trade mentioned on the disk when it was purchased.
1 day ago
The CEO at the local casino decided to make her birthday even more special by adding a gift to her winnings.
2 days ago
Sometimes things that don't shine turn out to be worth more than gold.
2 days ago
Spending on restaurants and hotels increased by 0.3 percent in May which was the single largest influence.
2 days ago
The Hollywood star said, "I've left more money on the table than any actor actually."
2 days ago
Many are now heading to the shop from far beyond the county to try their luck.
3 days ago
The duo also performed a cover of Adam Jenson's 2017 song “Street Fight”.
3 days ago
Pam, 83, said "I could have made a fortune, but it wasn’t to be. I’ve had a happier life than Marilyn ever had. I’ve no regrets."
4 days ago
Early 1980s was a special era as several rare coins were minted then.
4 days ago
According to reports, the fisherman from Puerto Princesa found the item over a decade ago while he was fishing in the sea.
4 days ago
For decades, the painting was hung in a shabby frame in the living room.
4 days ago
The asteroid was discovered by Italian astronomer Annibale de Gasparis on March 17, 1852, who named it after the Greek Goddess of the soul.
4 days ago
In the video, another friend can be heard gasping and noting how she thought that Maddie was 'exaggerating.'
5 days ago
The man from New Jersey who was looking to save a few bucks, didn't know what luck had in store for him.
5 days ago
In 2004, Ashley Revell from London won $270,000 in one of the most stunning events in gambling history.
5 days ago
One of the rarest Rolex watches in the world was kept in a safety deposit for decades, unworn.
5 days ago