Details are still emerging about the SolarWinds breach, in which hackers inserted malicious code into software updates for the SolarWinds network management product Orion in order to conduct cyber-espionage against the U.S. federal government and multiple other targets. But the fallout from the attack, which is suspected to be linked with Russian hackers, is still being investigated, and early indications suggest the ramifications and victims could be extensive.
SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach. The list was hosted on “Customers” page of the company’s website and is easily accessible through its Google cache. But the page has been deleted from the site itself, suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity.
SolarWinds is still reeling from an extensive Russia-linked hack reported on Sunday, which affected a range of government agencies and private corporations. The hack was reportedly executed by compromising SolarWinds’ Orion IT product, using Orion’s update system to deploy malicious code. As organizations scramble to determine who may have been vulnerable to the hack, the list of organizations using Orion IT is the best guide many have.
SolarWinds’ overall client list includes a broad range of sensitive organizations. Before its removal, the page boasted a broad range of clients, including more than 425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States.
Increased vigilance should not just be directed at SolarWinds, the cybersecurity community may begin seeing copycat supply chain hackers, who also may want to fly under the radar to gather intelligence on federal government agencies or the private sector.
