A top executive for SolarWinds, whose breach by hackers compromised federal networks, says he knows of large companies that have quietly gone toe-to-toe with nation-directed hackers like the ones who hit his company.
“I talked to a number of large companies or entities that would be [susceptible] to a nation state. They’ll tell me, ‘Yes, it happened to us. Yes, we know these threat actors, but it just didn’t go public. We didn’t talk about it, but they’re there,’” SolarWinds chief information security officer Tim Brown told news site Cybersecurity Dive. “So by us coming out and talking about it, I think we make it real for people making it so it’s not theoretical anymore.”
The Biden administration has said the SolarWinds breach was the work of the Russian Foreign Intelligence Service (SVR). In April, the administration imposed sanctions on Russia for the onslaught against SolarWinds that was made public late last year and which the U.S. government has said compromised nine federal agencies.
After the sanctions were imposed, Microsoft said in May that it observed cyberattacks by the same hacker targeting government agencies, think tanks, consultants, and non-governmental organizations.
Microsoft also said then that the new attacks targeted about 3,000 email accounts at more than 150 organizations, but Microsoft noted that it was “not seeing evidence of any significant number of compromised organizations at this time.”
On Sunday, Microsoft announced it observed the same hackers, which it dubbed “Nobelium,” selecting a different target — organizations that make up critical aspects of the global information technology supply chain, particularly technology service providers that deploy and manage cloud services.
“These attacks have been part of a larger wave of Nobelium activities this summer,” Tom Burt, Microsoft corporate vice president, wrote on the company’s blog. “In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits. By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”
Cybersecurity professionals have said the news that Russian hackers have continued their onslaught should not come as a surprise.
“If anyone is surprised that SVR is still engaging in espionage, they should check the mission statement of intelligence agencies,” tweeted Dmitri Alperovitch, a co-founder of cybersecurity company CrowdStrike. “SolarWinds/HolidayBear campaign (going after hard targets via IT/cybersecurity companies) was a tactical direction shift, not a one-off operation.”
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.