The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment. To date, our investigations have not independently verified the identity of the perpetrators.

Analysis suggests that by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by both SolarWinds, other private companies, and the federal government. government and many private-sector experts have stated the belief that a foreign nation-state conducted this intrusive operation as part of a widespread attack against America’s cyberinfrastructure.

Highly sophisticated and complex malware designed to circumvent threat detection

As we and industry experts have noted previously, the SUNBURST attack appears to be one of the most complex and sophisticated cyberattacks in history. The security of our customers and our commitment to transparency continue to guide our work in these areas and going forward.
We recognize the software development and build process used by SolarWinds is common throughout the software industry, so we believe that sharing this information openly will help the industry guard against similar attacks in the future and create safer environments for customers. We believe we have found a highly sophisticated and novel malicious code injection source the perpetrators used to insert the SUNBURST malicious code into builds of our Orion Platform software.
Today we are providing an update on the investigation thus far and an important development we believe brings us closer to understanding how this serious attack was carried out.
As part of that analysis, we are examining how the SUNBURST malicious code was inserted into our Orion Platform software and once inserted, how the code operated and remained undetected. We are working with our counsel, DLA Piper, CrowdStrike, KPMG, and other industry experts to perform our root cause analysis of the attack. As we shared in our recent update, we are partnering with multiple industry-leading cybersecurity experts to strengthen our systems, further enhance our product development processes, and adapt the ways that we deliver powerful, affordable, and secure solutions to our customers. Since the cyberattack on our customers and SolarWinds, we have been working around the clock to support our customers.