SolarWinds Breach Was Detected By The DOJ Six Months Earlier Than Previously Reported

Key Highlights

• The US Department of Justice (DOJ) discovered the SolarWinds breach six months earlier than previously thought, but the significance of the breach was not immediately apparent at the time.
• The incident highlights the importance of information-sharing among agencies and industry and the need for continued efforts to improve cybersecurity measures and reduce the risk of such incidents occurring in the future.

The Discovery of SolarWinds Breach

Reports indicate that the SolarWinds breach was discovered by the US Department of Justice (DOJ), Mandiant, and Microsoft six months earlier than previously thought, but they did not realize its significance at the time. 

The breach, which was made public in December 2020, involved Russian hackers infiltrating SolarWinds and placing a backdoor into software that was delivered to approximately 18,000 of its clients. 

DOJ, Mandiant, and Microsoft Discover Breach Earlier But Fail To Recognize Its Significance

This malicious software then spread to nine US federal agencies, including the DOJ, the Department of Defense, and the Department of Homeland Security, as well as several major tech and security firms like Microsoft, Mandiant, Intel, and Cisco. The hackers had access to these systems for up to nine months before Mandiant exposed the attack.

1. In May 2020, the Department of Justice (DOJ) detected unusual traffic coming from a server running a trial version of SolarWinds’ Orion software suite. 
2. The DOJ sought help from Mandiant to determine if the server had been hacked, and Microsoft was also brought into the investigation. 
3. However, it’s not clear why Microsoft was involved, and the DOJ did not immediately recognize the gravity of the breach.

DOJ’s Investigation Into The Breach

After investigators suspected that the hackers had directly breached the DOJ server by possibly exploiting a vulnerability in the Orion software, they reached out to SolarWinds to assist with the inquiry, but the company’s engineers were unable to detect any vulnerability in their code. 

With the mystery still unresolved in July 2020, communication between investigators and SolarWinds stopped, and a month later, the DOJ purchased the Orion system, indicating that they were satisfied that the Orion suite no longer posed any further threat. However, a DOJ spokesperson confirmed that the incident and investigation occurred but did not provide any details about the investigators’ conclusions.