Little-known SolarWinds faces questions over hack and stock sale


Until this week, few people knew about SolarWinds, the Texas-based software company that provides important computer network monitoring services to corporations and government agencies around the world.

But cyber spies have spent months secretly using SolarWinds software to look into computer networks, and many of its highest-profile customers in national governments and Fortune 500 companies have been placed on high alert. It also raises questions about what company insiders knew of its security vulnerabilities when its large investors sold stock.

Founded in 1999 by two brothers in Tulsa, Oklahoma, the company’s website says its first products came on the scene to help IT professionals allay everyone’s fears.

Now its products are the ones causing fear. On Sunday the company began warning its nearly 33,000 customers that a “foreign nation state” – widely suspected to be Russia – had found a back door into some updated versions of its premier product, Orion. The ubiquitous software tool, which helps organizations monitor the performance of their computer networks and servers, had become a tool for spies to steal data.

“They are not a household name in the same way as Microsoft. That’s because their software sits in the back office,” said Rob Oliver, a research analyst at Baird who has been with the company for years. “Workers could have spent their entire careers without hearing about SolarWinds. But I guarantee your IT department will know about it.”

Now plenty of other people know about it too. One of SolarWinds’ clients was FireEye, a leading California cybersecurity firm that detected the cyberespionage operation. FireEye revealed earlier this month that its own systems had been compromised by attackers who made off with its defensive hacking tools. Other disclosed espionage targets include the U.S. Treasury and Commerce departments.

The Department of Homeland Security’s cybersecurity unit this week instructed all federal agencies to remove the compromised software, and thousands of companies were expected to do the same.

Business sectors working to protect their systems and assess potential data theft include the electric power industry, defense contractors and telecommunications companies.

The breach has created a crisis for SolarWinds, now based on the hilly outskirts of Austin, Texas. The compromised product accounts for about half of the company’s annual revenue, which totaled $753.9 million in the first nine months of this year. Its stock has fallen 23 percent since the start of the week.

Moody’s Investors Service said Wednesday that it is considering downgrading its rating for the company, citing “the prospect of a decent loss, loss of customer content, a decline in business performance and the possibility of higher remedies and legal costs.”

Kevin Thompson, the longtime CEO of SolarWinds, indicated months ago that he would be leaving at the end of the year, as the company explored spinning off one of its divisions. In December, the SolarWinds board appointed Sudhakar Ramakrishna, the current CEO of PulseSecure, to replace him, according to a financial filing. The appointment came a day before FireEye publicly announced a hack on its own system and two days before the change of CEO was announced.

On December 7, the company’s two largest investors, Silver Lake and Thoma Bravo, which control a majority stake in the publicly traded company, sold more than $280 million worth of stock to a Canadian public pension fund. The two private equity firms said in a joint statement that they were not aware of the potential cyberattack at the time they sold the stock. SolarWinds revealed the breach six days later.

The hacking operation began at least as early as March, when SolarWinds customers who installed updates to their Orion software were unknowingly receiving malicious code that could give intruders the same view of their corporate network that an in-house IT crew has. FireEye described the malware’s capabilities – from initially lying dormant for two weeks to hiding in plain sight by masking its activity as Orion activity.

FireEye said Wednesday it had identified a “killswitch” that prevents the malware used by the hackers from operating. But while that disables the original back door, it will not remove intruders from systems where they have created other ways to remotely access the victim network.

SolarWinds officials declined to be interviewed, a spokesman said, citing an ongoing investigation into the hacking operation that involves the FBI and other agencies.

“This is an imaginative, unfortunate situation,” Oliver said. “SolarWinds products have always been reliable. Its value proposition has been around credibility.”

Thompson’s last few weeks at the helm are likely to be spent responding to frightened customers, some of whom are also rankled by marketing tactics that may have made targets of SolarWinds and its high-profile customers.

The company launched a web page earlier this week listing dozens of its best customers, from the White House, the Pentagon and the Secret Service to the McDonald’s restaurant chain and the Smithsonian museums.

The Associated Press is among hundreds of thousands of SolarWinds customers, although the news agency said it did not use the compromised Orion products. SolarWinds estimated in a financial filing that about 18,000 customers had installed the compromised software, meaning many of them were at risk from the espionage operation this year.

Without naming specific targets, FireEye said it has confirmed infections at governments and consulting firms and in the healthcare, technology, telecommunications and oil and gas industries in North America, Europe, Asia and the Middle East – and is providing information to affected organizations worldwide.

___

The report was co-authored by Frank Bajak, an AP technology writer in Boston.
