IT management company SolarWinds was hacked recently, purportedly by the Russian government. This reportedly affected the US Treasury, Commerce, State, Energy, and Homeland Security departments, two of which apparently had their emails stolen as a result of the hack. The Wall Street Journal has now reported that some of the major tech companies have also been infected in the hack.
Prominent companies such as Cisco, Nvidia, Intel, Belkin and VMware found that all the computer systems on their networks were affected by the malware. Speaking of the infected companies, SolarWinds has stated that fewer than 18,000 companies were impacted and even made an attempt of hiding the list of clients who used the infected software.
At present, the big tech companies are seemingly firm on the story that they are conducting investigations, however they don’t believe that their systems are impacted. But this can be concluded from the past incidences such as the 2016 hack of the Democratic National Committee’s email, that it may take a long time to fully realize the impacts of a hack. Reportedly, it is very difficult to completely trust a network after a hacker has been inside.
As per the credible sources, investigators are required to go through a lot of data in this case. Further, this issue has been intensified as the investigators identified another hacking group that broke into SolarWinds systems using a similar source. This attack, named Supernova, was at first thought to be part of the main attack but investigators now think it was carried out by another less sophisticated group.
There are several reasons for which a hacking group seeks opportunity to break into a big tech company’s system, including access to future product plans or employee and customer information that could be sold or held for ransom. However, there is a possibility that these companies were a part of collateral damage as the hackers went after government agencies that happened to share the same IT management systems provided by SolarWinds. Apparently, none of these companies seem worried as compared to the computer security organization of the US government, which declared that every federal agency using SolarWinds systems should shut down its systems immediately.