SolarWinds (SWI) says it has found the source of a highly sophisticated malicious code injection that it believes was used by the perpetrators of the recent cyberattack on it and its clients, including federal government agencies.
In an 8-K regulatory filing with the Securities and Exchange Commission, the security software provider said that it was able to reverse engineer the code, allowing it to learn more about the tool that was developed and deployed into the build environment.
The company said it wasn't able to independently verify the identity of the perpetrators.
"The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer's IT environment. If exploited, the perpetrators then had to avoid firewalls and other security controls within the customer's environment." KPMG and CrowdStrike have been able to locate the code injection source, the filing said.
Between March and June of last year, hackers believed to be linked to Russia’s foreign intelligence service inserted malware into software updates for SolarWinds’ Orion IT infrastructure management software. This led to security breaches at the Treasury Department, the National Telecommunications and Information Administration, the Department of Homeland Security and a number of SolarWinds’ corporate clients.