SolarWinds has found and reverse engineered ‘highly sophisticated and malicious’ code used in recent cyberattack


SolarWinds Corp. said Tuesday it has found a highly sophisticated and novel malicious code injection source that it believes was used by the perpetrators of the recent cyber-attack on the company and its clients, including federal government agencies. The company said in a regulatory filing that it was able to reverse engineer the code, allowing it to learn more about the tool that was developed and deployed into the build environment.

“Analysis suggests that by managing the intrusion through multiple servers based in the United States and mimicking legitimate network traffic, the attackers were able to circumvent threat detection techniques employed by both SolarWinds, other private companies and the federal government,” the company said. “The SUNBURST malicious code itself appears to have been designed to provide the perpetrators a way to enter a customer’s IT environment. If exploited, the perpetrators then had to avoid firewalls and other security controls within the customer’s environment.”

KPMG and CrowdStrike have been able to locate the code injection source, said the filing. The company is encouraging customers to visit a blog post written by the CrowdStrike team for additional details on its findings. The company said it was not able to independently verify the identity of the perpetrators, who are understood to be a foreign nation-state.

SolarWinds shares rose 1.6% premarket, but are down 18% in the last 12 months, while the S&P 500 has gained 16%.
Market Pulse Stories are Rapid-fire, short news bursts on stocks and markets as they move. Visit MarketWatch.com for more information on this news.