Notorious Hacker 'Fxmsp' Sold Access to SolarWinds Machines: Report

Years before a SolarWinds security breach that compromised the networks of multiple federal government agencies, a notorious hacker attempted to sell access to the company's computers on underground forums, according to a new report.

The hacker, known as "fxmsp," was one of several individuals who attempted to sell access to SolarWinds machines in online forums during 2017, according to a Tuesday report from Reuters, citing two researchers who had independent access to the forums.

The report notes that fxmsp's attempt to sell access is not believed to be the "most likely" source of the recent breach that compromised many of the major government agencies using the company's software, including the Treasury Department, the Department of Homeland Security and the National Institutes of Health.

Vinoth Kumar, a security researcher, told the outlet that he warned SolarWinds last year that its update server could have been accessed with ease by "any attacker" because the password was set to "solarwinds123." Kumar first notified the company of the issue on November 19, 2019, and the company responded three days later, according to emails he supplied to Newsweek.

Kumar believes the vulnerability may have been present as far back as June 2018. Fxmsp's reported attempt to sell access to the company was probably unrelated to the password issue, since the alleged offer of access to SolarWinds was said to have occurred during the previous year. The recent breach, allegedly by Russian hackers, is also unlikely to be directly related to the password vulnerability since it took place months after the issue was remedied.

It was revealed on Sunday that cyberattacks exploiting vulnerabilities in SolarWinds software had compromised the security of multiple federal agencies this year.

In July, federal prosecutors indicted fxmsp for his alleged crimes, revealing him to be a 37-year-old citizen of Kazakhstan named Andrey Turchin. He was charged with computer fraud and abuse, conspiracy to commit computer hacking, conspiracy to commit wire fraud and access device fraud. Turchin could face up to 50 years in prison if convicted on all charges.

Prosecutors say Turchin and his co-conspirators used a variety of cyberattacks to compromise network computers belonging to companies from around the world. The group then allegedly used underground forums to advertise access to more than 300 different corporate entities, including over 30 U.S. companies.

Computer security company Group-IB contends that Turchin attempted to sell access to 135 different companies in 44 different countries, taking in over $1.5 million during more than three years of illicit activity.

"Cybercrime knows no international borders, and stopping these crimes requires cooperation between an array of international partners. I commend Kazakhstan for its assistance in this investigation," U.S. Attorney Brian T. Moran said in a statement following the indictment. "I am hopeful these critical international partnerships between cybercrime investigators will lead to holding Andrey Turchin accountable in a court of law."

Newsweek reached out to SolarWinds for comment.