SolarWinds and FireEye Breached: What You Should Know…

by Carl Keyser

December 17, 2020

It’s been a heck of a month for cybercriminals. Two major companies, a cybersecurity firm and a widely used IT management software vendor, had their lunch eaten by hackers.

Who Was Hacked?

FireEye and SolarWinds were hacked. Up to 18,000 SolarWinds customers may have been affected by the attack, and FireEye had proprietary cybersecurity tools stolen.

Amongst those 18,000 customers were both the United States Federal Government and FireEye…wait a minute…are these two attacks connected? You better believe it!

What Happened?

FireEye

Earlier this month, FireEye disclosed that it had been hacked. The cybersecurity firm said the attack was so sophisticated that it believed the intrusion to be the work of a foreign nation.

After breaching FireEye, the attackers stole a collection of tools the company’s Red Team uses to simulate real attacks against customers’ environments so those customers can better protect themselves. Some of the tools had already been shared publicly, while others were proprietary to the FireEye Red Team program and not publicly available.

As FireEye investigated the breach, it determined that the intrusion was connected to a compromised piece of software it had downloaded and installed from a business partner, SolarWinds.

“We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,” said Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye’s incident response arm, in a recent interview with Bloomberg.

SolarWinds

Back in March, hackers began inserting a backdoor into software updates for Orion, a SolarWinds product billed as a scalable, one-stop-shop IT monitoring platform.

The affected versions, 2019.4 HF 5 through 2020.2.1, were released between March and June of this year.

This is what makes it a supply chain attack: the backdoor was built into the vendor’s own update, so it carried SolarWinds’ legitimate code signature and looked like any other patch to the customers who installed it. SolarWinds describes it as a highly sophisticated, manual supply chain attack, and the backdoor gave the attackers a foothold inside the networks of customers running the affected versions. According to a recent regulatory (SEC) filing from SolarWinds, the company estimates that up to 18,000 of its customers may have installed the compromised software.

Who is Behind the Hack?

Unsure, but currently we believe the attack was pulled off by a team known for working with the Russian Foreign Intelligence Service (SVR). That’s a preliminary finding. I don’t think the general public will ever get absolute confirmation that Russia was behind the attack, outside of what’s already been said publicly.

What Were the Hackers Doing/Looking At?

So far it looks like they were monitoring internal communications. Emails. What’s important is that those emails belonged to people in the Department of the Treasury, the Department of Homeland Security, and the Pentagon.

Since the hackers are the ones who compromised the software to begin with, I assume they’ve had access to these emails for a long, long time.

What Happens Next?

The Cybersecurity & Infrastructure Security Agency (CISA) has already directed impacted federal agencies, through Emergency Directive 21-01, to disconnect or power down the affected Orion products on their networks.

The breach was significant enough for the Fed that the National Security Council held an emergency meeting to try and wrap its head around how damaging the breach was.

As for what should happen next, that’s still up in the air. If you’re a SolarWinds customer running one of the affected versions, it would be a good idea to stop what you’re doing and patch, patch, patch. SolarWinds released a fixed version earlier this week. You can find out what you have to do here: https://www.solarwinds.com/securityadvisory

One caveat: updating replaces the backdoored code, but it does not undo anything the attackers did after the backdoor gave them access. Treat any server that ran an affected build as potentially compromised, isolate it and investigate before trusting it again, rather than assuming the patch alone is the end of it. That is exactly why CISA told agencies to disconnect first.


Carl Keyser is the Content Manager at Integris.
