SolarWinds Won't Confirm if Hack Breached U.S. Military, White House

A Texas software company at the heart of a suspected Russian cyber attack on American federal agencies declined to confirm if other government bodies use the same program that allegedly allowed hackers access to internal communications.

SolarWinds, a software company based in Austin whose website lists the White House, Pentagon, State Department, and National Security Agency among others as its customers, cited the FBI investigation into the hack as the reason it could not provide details.

The company also services the nation's leading telecommunications corporations and "more than 425 of the U.S. Fortune 500," as well as the U.S. Treasury and Commerce departments.

The White House confirmed this weekend that hackers had gained access to the two departments and monitored internal emails.

Reuters cited four unnamed sources briefed on the matter who said that SolarWinds' extensive client list meant the cyber attack could yet prove a much bigger breach.

"This is a much bigger story than one single agency," one source told the agency. "This is a huge cyber espionage campaign targeting the U.S. government and its interests."

Newsweek contacted SolarWinds on Monday to ask for clarification on which federal bodies used the same software.

A spokesperson refused to comment on what services are supplied to the Executive Office of the President; the Pentagon and all five of its branches; and the NSA. The spokesperson declined to go into details given the early stage of the investigation.

The spokesperson sent Newsweek a statement attributed to SolarWinds president and CEO Kevin Thompson.

"Security and trust in our software are the foundation of our commitment to our customers," Thompson's statement said.

"We strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers."

"We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products.

"We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state.

"We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time."

The hackers are believed to have accessed accounts by tampering with SolarWinds software updates. This kind of "supply chain attack" works by concealing malicious code within real software updates, using them as cover to gain access.

The hackers are thought to have gained access to internal Commerce Department emails by entering through the National Telecommunications and Information Administration's Microsoft Office 365 platform.

SolarWinds filed a notification with the Securities and Exchange Commission on Monday detailing the breach.

The company said it "has taken steps to remediate the compromise of the Orion software build system and is investigating what additional steps, if any, should be taken."

"SolarWinds is not currently aware that this vulnerability exists in any of its other products," it added. "SolarWinds' investigations into these matters are preliminary and on-going, and SolarWinds is still discerning the implications of these security incidents."

The U.S. government has thus far not named the nation state accused of the hack, but anonymous sources told Reuters that the breach was likely a Russian-directed operation.

The Russian embassy in Washington, D.C. dismissed the reports as "unfounded" and claimed Moscow does not engage in any offensive cyber activity.
