December 15, 2020
Computer expert Andrew Morris says he downloaded the infected SolarWinds Orion installer and found that the “backdoor” is still contained in the installer on SolarWinds’ website.
Morris is the founder of GreyNoise, a cyber security firm that specializes in finding compromised devices and detecting internet threats.
SolarWinds Orion is part of the SolarWinds suite of network and computer management tools used by the US government.
Reports indicate that someone, possibly Russia, managed to modify SolarWinds Orion in the spring of this year. The modification created a “backdoor” which allowed the hacker to spy on numerous government agencies, including the Treasury, Commerce, Homeland Security, and the Pentagon.
The “backdoor” was identified by cyber security firm FireEye, which dubbed it “Sunburst.”
The SolarWinds attack seemingly went undetected for months as hackers were able to sneak into U.S. government agencies, putting sensitive information at risk of theft.
Unconfirmed news broke last night that federal agents and Texas Rangers “raided” SolarWinds headquarters in Austin, Texas.