The SolarWinds Hack

Posted by Margaux on 6 June 2021

What is the SolarWinds Hack?

In early 2020, hackers broke into the servers of Texas-based SolarWinds and planted malware in the company’s ‘Orion’ software system. Orion is commonly used by businesses to manage IT resources, and SolarWinds has 33,000 Orion customers. Like most software companies, SolarWinds sends out updates to its systems on a regular basis, whether to fix a defect or to add new functionality. As a result, beginning in March 2020, SolarWinds unintentionally sent its clients software upgrades that contained the malware.

According to SolarWinds, up to 18,000 of its clients installed upgrades that rendered them exposed to hackers. SolarWinds has several high-profile clients, including Fortune 500 firms and various US government organizations. Parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury were among the US organizations affected. Private corporations such as Microsoft, Cisco, Intel, and Deloitte were also affected.

The US administration claimed that Russia was responsible for the strike. The Russian hacker organization Cozy Bear, which is linked to the Russian Federation’s Foreign Intelligence Service (SVR), is thought to be responsible for the infiltration. This is the same group that was engaged in the hacking of Democratic National Committee emails, which resulted in Russian meddling in the 2016 U.S. presidential election.

American Response to SolarWinds

First, the US government publicly attributed the SolarWinds incident to the Russian SVR, describing it as ‘broad-scope cyber espionage operations’. According to the White House statement, the US Intelligence Community has high confidence in the attribution. Second, the White House issued an order directing the US government to expel 10 Russian diplomats and impose a slew of additional restrictions on Russian individuals and assets. The order also imposes major new limits on Russia’s sovereign debt, making it more difficult for the government to obtain funds and sustain the country’s currency.

The US government’s decision to take action against Russia in response to the SolarWinds compromise reflects an effort to create a new norm in cyberspace: that cyber espionage campaigns should not disrupt thousands of private-sector computer systems, cost millions of dollars in mitigation, and raise public safety concerns. The decision aims to communicate that the scale of the SolarWinds hack went beyond the scope of a standard espionage effort and required a reaction.
