Parker Waichman LLP is filing lawsuits on behalf of Fortune 500 firms, companies, and government agencies affected by the 2020 SolarWinds Orion Software Supply Chain Attack.
According to an investigative news report published on businessinsider.com, SolarWinds Inc. experienced a devastating cyberattack after hackers plugged malicious code into a SolarWinds’ Orion software update that was then distributed to approximately 18,000 customers. The malware allowed Russian hackers to breach several government agencies, Fortune 500 firms, and thousands of businesses through SolarWinds’ Orion software.
On December 15, 2020, SolarWinds Inc. reported the malicious code breach to the United States Securities and Exchange Commission. Although SolarWinds was aware of the issue and is a cyber-security company, SolarWinds proceeded to disseminate the malware-infected updates to customers and failed to revoke the compromised digital certificate that is used to sign them and protected many of SolarWinds’s customers.
The type of cyberattack that was conducted against SolarWinds is called a Supply Chain Attack. Supply Chain Attacks are rare and extremely difficult to pull off. The SolarWinds Supply Chain Attack is perhaps the most damaging cyberattack that has ever occurred.
According to FireEye, hackers embedded malicious code into an authentic SolarWinds Orion software update. These software updates are then distributed automatically to customer networks. Once a SolarWinds Orion software customer receives the software update, the customer’s networking environment becomes infected with “backdoor” malware. This “backdoor” malware allows attackers to remotely access the victim’s entire networking environment, rendering all network security useless.
As far back as November 2019, SolarWinds was warned by a security researcher that the company’s FTP server was vulnerable to hackers uploading malicious files that could be distributed to SolarWinds’ customers. The vulnerability was due to the weak password SolarWinds used on its update server. SolarWinds’ used the password “solarwinds123” for its update server, which made the company’s update server easily accessed by virtually anyone.
Microsoft claims the attack compromised an on-premise SAML token signing certificate that is used to generate additional tokens for highly privileged authorized users. This allowed the malicious attack to go unseen because of SolarWinds’ trusted certificate.
2020 SolarWinds Orion Software Supply Chain Attack victims are investigating whether or not they have been affected by the attack. A few of the prominent victims of the 2020 SolarWinds Orion Software Supply Chain Attack include:
- The U.S. Treasury Department,
- The U.S. Department of Commerce’s National Telecommunications and Information Administration
- The U.S. Department of Homeland Security
- The North Atlantic Treaty Organization (NATO)
- The European Parliament
- The U.K. National Health Service (NHS)
- The U.K. Home Office
- and many businesses, including Fortune 500 companies
The Business Insider’s article alleges that the hackers were capable of spying on federal agencies and companies for several months. The hackers could easily examine victims’ private communications and files. U.S. government authorities instructed clients using the Orion software “to disconnect from it.”
SolarWinds Inc. is an American company based in Austin, Texas that creates software for companies to help customers manage their computer systems, networks, and information technology. The company employs about 2,500 people and has an estimated annual revenue of $938.5 million (2019).
CONTACT PARKER WAICHMAN LLP FOR A FREE CASE REVIEW
Was your business or governmental agency affected by the 2020 SolarWinds Orion Software Supply Chain Attack?
Parker Waichman LLP helps firms and agencies affected by the SolarWinds Supply Chain Attack receive full monetary compensation. Trust your case with our Business Litigation Attorneys. For a free consultation, contact our law firm today by using our live chat or calling 1-800-YOUR-LAWYER (1-800-968-7529).
New York | Brooklyn | Queens | Long Island | New Jersey | Florida
Call us at: 1-800-YOURLAWYER (800-968-7529) | Schedule your free consultation