Major hack of US agencies may have started with software company SolarWinds

The hack of the federal agencies appears to have originated from a backdoor planted in an IT firm.

Eli Blumenthal Senior Editor

More details are coming out about revelations that several US government agencies were hacked. The suspected Russian hack was enabled by a backdoor built into software from Austin-based IT firm SolarWinds, according to a report from The Wall Street Journal on Tuesday.

The access point was apparently SolarWinds' Orion network management software. Once hackers added a backdoor to the Orion code, the "software connected to a server controlled by the hackers that allowed them to launch further attacks against the SolarWinds customer and to steal data," reported the Journal. 

In a filing with the Securities and Exchange Commission on Monday, SolarWinds said the vulnerable Orion updates were delivered to customers between March and June, and as many as 18,000 customers may have downloaded the software. The Journal report, however, notes that "investigators expect the total number of victims to be much smaller."

SolarWinds declined to comment.

The hack was spotted a few weeks ago "only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses," according to The New York Times.

A coalition of tech firms seized a domain that was used in the hack, ZDNet reported on Tuesday. The move was taken to prevent the spread of further instructions to infected computers.

The Commerce Department confirmed the news of the hack over the weekend, with the Times reporting that other agencies including the State Department, the Pentagon and the Department of Homeland Security were also impacted. 

"We can confirm there has been a breach in one of our bureaus," a Commerce spokesperson said on Sunday. "We have asked CISA and the FBI to investigate, and we cannot comment further at this time."

CNET's Steven Musil contributed to this report.