The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated that many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds. The ‘SolarWinds hack’ is a recently discovered cyberattack in the United States that has emerged as one of the biggest global cyberattacks ever, targeting the US government, its agencies and several private companies.
CISA found that roughly 30% of the victims it identified did not have a direct connection to SolarWinds. The investigation of the incident shows that significant numbers of both the private-sector and government-sector organizations affected in the attack had no direct link to SolarWinds.
The attackers are also known to target organizations through Microsoft services. The SolarWinds investigation suggests that the company has been trying to determine whether its own network was initially breached through Microsoft services. Microsoft confirmed that it had found some of the malicious SolarWinds files on its systems, but said it had found no evidence that its own systems were leveraged to target others.
However, CISA did not clarify whether victims with “no direct connection to SolarWinds” included organizations that had received the malicious updates but did not actually use the software.