Media outlets reported that some of the major tech companies have been affected by SolarWinds’ IT management hack.
The attackers also gained access to California State Hospitals and Kent State University.
Last week, news emerged that SolarWinds had been hacked, possibly by the Russian government, and that the US Treasury, Trade, Foreign, Energy and Homeland Security departments had been affected.
Other government agencies and several companies are investigating because of SolarWinds’ extensive client list.
There could be many more: SolarWinds reported that fewer than 18,000 companies were affected, and it tried to hide the list of clients who used the infected software.
Sources said that some well-known SolarWinds customers have been confirmed as affected by the hack.
Big tech companies are now offering the same story, which boils down to saying: We are investigating, but we don’t think it has affected us.
As in previous cases, such as the 2016 email breach of the Democratic National Committee, verifying the full effects of the breach can take a long time.
Once hackers have entered a system, it can also be difficult to know whether they are completely gone, and as the Associated Press report shows, it can be difficult to fully trust a network after a hacker has entered it.
Investigators in this case have a lot of data to look into, as the hack – which began months ago – is still ongoing.
Adding to the problem, investigators found another hacker group that had infiltrated SolarWinds using a similar exploit.
This attack, codenamed Supernova, was initially believed to be part of the main attack known as Sunburst, but investigators now believe it was carried out by a second, less sophisticated group.
There are many reasons why a hacker group might want to enter a large tech company’s systems, including access to future product plans or employee and customer information that could be sold or held for ransom.
It is also possible that these companies were mainly unintended targets, because the hacking groups wanted to reach government agencies, which happened to share the same IT management systems that SolarWinds provides.
It is reported that the US government’s Computer Security Organization announced that every federal agency must immediately shut down its SolarWinds systems.