SolarWinds removes list of high-profile customers after news of major hack

Published December 15, 2020 6:00pm ET



The information technology company at the center of a massive cyberespionage campaign that compromised at least five different federal agencies has removed from its website any mention of its high-profile customers — roughly 18,000 of whom were affected by the attack.

A Google web cache of the company’s website from Monday shows a “customers” page on SolarWinds’s website that boasted its 300,000 customers included “more than 425 of the US Fortune 500,” the 10 biggest telecommunications companies in the United States, “all five branches” of the U.S. military, the five biggest accounting firms in the country, hundreds of colleges and universities worldwide, and a number of different government agencies and offices — including the Pentagon, the State Department, the National Security Agency, the Department of Justice, and the Office of the President.

That list is now gone, prompting speculation that the U.S. network-management company was taking steps to protect its clients from bad publicity, according to the Verge.

The Washington Examiner reached out to SolarWinds for comment on its customers page.

SolarWinds acknowledged Sunday night that its systems had been compromised by hackers who infiltrated the company’s Orion software updates in order to distribute malware to its customers’ computers.

The compromised updates gave hackers “God-mode” access to victims’ networks, making everything visible.

“We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products,” Kevin Thompson, the president and CEO of the company, told the Washington Examiner in a statement over the weekend. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state.”

Early reports on the attack focused on the Commerce and Treasury departments, but at least three other agencies, including the State Department, the National Institutes of Health, and the Department of Homeland Security, were also compromised, according to the Washington Post.

The Cybersecurity and Infrastructure Security Agency issued a rare directive to identify and contain servers that are thought to be compromised.

Neither the federal government nor any of the private partners involved identified publicly who might have been behind the SolarWinds attack, but the FBI is reportedly looking into the Russian hacking group APT29, also known as Cozy Bear, as a potential culprit, according to the Washington Post.

If Russian culpability is definitively established for the hacks of U.S. government agencies, it would harken back to Russia’s large-scale hacking of the State Department in 2014. Actors affiliated with Russia’s Main Intelligence Directorate of the General Staff, or GRU, were also named by the U.S. as being responsible for the hacking of the Democratic National Committee’s email systems in 2016.

APT29 has been linked to several high-profile hacking campaigns, including attempts to steal coronavirus vaccine research and last week’s attack on FireEye.
