SolarWinds details Orion cyber attack
SolarWinds’ new CEO Sudhakar Ramakrishna has provided details into investigations into the compromise of its Orion network monitoring platform in a sophisticated cyber attack.
In an update, Ramakrishna said the company is working with DLA Piper, CrowdStrike, KPMG and other industry experts on a root cause analysis for the attack aimed at examining how malicious code was inserted into the software without its knowledge.
The investigation to date suggests the use of a “highly sophisticated and novel malicious code injection source” to insert the malicious code into the software.
The malware, which appears to have been carefully crafted to avoid detection, is so sophisticated that the US government and many private sector experts are speculating that a foreign nation state conducted the operation as part of a targeted attack on US cyberinfrastructure.
Analysis suggests that the attackers were able to circumvent threat detection techniques employed by SolarWinds, other private companies and even the US government. The code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment.
SolarWinds, CrowdStrike and KPMG have reverse engineered the code responsible for the attack as part of the investigation. The company has expressed concern that other software development environments could be vulnerable to a similar attack.
Cyber lessons from 2025: why human risk will define 2026
Success in 2026 will come from building security into the rhythm of business, where technology,...
2026 will be the year identity defines cyber defence
2025 gave us an initial look at what happens when AI scales faster than identity controls.
How to harness AI to advance cybersecurity
Organisations that prioritise AI-enabled security and a culture of continuous learning...
