SolarWinds hires former CISA director Chris Krebs to consult on hack aftermath

Krebs has formed a cybersecurity firm with former Facebook Chief Security Officer Alex Stamos.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala

Chris Krebs will consult with SolarWinds as it deals with a major compromise.

Getty Images

SolarWinds is getting help on the massive hack that infected its software and spread to thousands of its government and private sector clients. The Texas-based IT software company has hired Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency, to consult on the breach.

SolarWinds is currently investigating how hackers penetrated its systems and inserted malicious software into an update to the company's popular Orion products. Thousands of SolarWinds customers installed the tainted update, and hackers were then able to access their systems. Federal agencies, major tech companies and hospitals were among the organizations targeted by the hackers.

"We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software development company," the company said in a statement. SolarWinds also published a blog post Thursday laying out its plan for addressing the hack going forward.

Krebs, who oversaw election security during the 2020 presidential election and was fired from his post by President Donald Trump in November, has formed a consultancy with former Facebook Chief Security Officer Alex Stamos. At CISA, Krebs ran a government website debunking false claims of election fraud. His firing received backlash from the cybersecurity community and lawmakers.

US intelligence agencies said Tuesday the hack likely originated in Russia. Russia has denied involvement in the hack.