SolarWinds CEO Sudhakar Ramakrishna revealed Friday three likely routes that he thinks hackers may have taken to first breach his company’s network, which led to a massive hack afflicting the federal government.
Hackers leveraged SolarWinds computer network management software to compromise nine federal agencies, according to the U.S. government, and 18,000 public and private entities were exposed to the hackers as well.
Mr. Ramakrishna told the Senate Intelligence Committee earlier this week that his company and investigatory partners had narrowed down the origins of the hack to three likely routes. On Friday, Mr. Ramakrishna told the House Committee on Oversight and Reform that the three potential routes were password spraying, credential theft, and a potential vulnerability in third-party software that SolarWinds uses.
“The threat actor I would describe … as hiding in plain sight,” Mr. Ramakrishna said at a hearing Friday. “They were very, very careful about covering their tracks, cleaning up after themselves, and the patience with which they worked was not similar to the run-of-the-mill virus whose job it is to spread as fast as possible and create as much damage as possible.”
Password spraying is a brute-force attack that often involves a hacker systematically guessing users’ potential passwords repeatedly in a short time frame.
Credential theft is cyber identity theft that would have given hackers the account privileges afforded to SolarWinds employees.
Mr. Ramakrishna said the company itself uses a lot of third-party software and was probing whether any of it gave the hackers access to its network.
While disclosure of the hack hitting SolarWinds came late last year, details about how long hackers were hidden inside the network are still under investigation.
Mr. Ramakrishna told lawmakers Friday that the malware that hackers used to affect SolarWinds customers — including government offices and private companies — was distributed between March and June.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.