Giant U.S. Computer Security Breach Exploited Very Common Software

A hacking campaign has gained access to private information from a number of government and industry organizations, including the U.S. Departments of Treasury, Commerce and Homeland Security. The cyberattacks, which were first reported this past weekend, were carried out by compromising a software platform produced by a vendor called SolarWinds.

“We are aware of a potential vulnerability which, if present, is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products,” Kevin Thompson, president and CEO of SolarWinds, explained in a prepared statement shared via e-mail. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters.”

Because thousands of clients rely on SolarWinds’ products, experts expect more breaches to be revealed in the coming days. Scientific American spoke with Ben Buchanan, a professor specializing in cybersecurity and statecraft at Georgetown University’s School of Foreign Service, about why so many organizations rely on such third-party software and how its compromise made them vulnerable to cyberattacks.

Source: Scientific American
