Is there a bright side to all this? Perhaps. That is a “near-hit” in my mind rather than a “near-miss”. This could have happened to anyone; you didn’t even need to be an Orion software customer.
There was probably a realization by many senior IT and security people that they had escaped by the skin of their teeth. In fact, it’s been reported since that around one-third of the private sector and government victims of this “colossal hacking campaign” had no direct connection to SolarWinds at all. Systems were monitored, data and IP harvested. The hack was clearly very bad news for the eight US federal agencies affected, which included the FBI and the Pentagon, along with up to 18,000 other SolarWinds customers attacked with malware. Why does it matter for the rest of us, and the mainframe world in particular? The hackers apparently had access to the company’s emails for NINE months. It’s believed the hackers first tested their ability to insert malicious code into Orion network management software as early as October 2019. SolarWinds’ CEO later confirmed that “suspicious activity” in his Office 365 email account allowed the bad actors to access and exploit the Orion software development environment.
I read recently that the hackers likely gained access using compromised credentials and/or a third party application that took advantage of a zero-day vulnerability. Yet this may be one case where something good results from something very bad. That old nautical phrase popped into my head when I heard about the SolarWinds Orion supply chain compromise. It’s an ill wind that blows no good, and profits nobody.