Massive SolarWinds Breach Scooped Up Confidential U.S. Court Records And More
The massive SolarWinds
breach that has even ensnared Microsoft
still has rippling effects. According to reports, it seems that hackers may have exposed sealed U.S. court documents. Simultaneously, SolarWinds is trying to clean up and close security holes following the attacks that used its software. The company has since hired several big names in the security
world to help out, such as Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA).
This week, the Administrative Office of the U.S. Courts reported in a memo that the SolarWinds breach may have “jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system” as KrebsOnSecurity wrote
. It appears that the Case Management/Electronic Case Files (CM/ECF) system was compromised heavily, according to a source close to the investigation into the breach. Moreover, the source also reported that the attackers “seeded the AO’s network with a second stage “Teardrop” malware that went beyond the “Sunburst” malicious software update.” While the U.S Courts may now be secure, we could see lingering attacks on networks across the government if more agencies were also seeded with second-stage malware.
Former CISA Director Chris Krebs
While this is occurring, SolarWinds has been trying to fix its own internal problems by hiring outside companies, such as CrowdStrike Holdings Inc., which provides cybersecurity response services. Yesterday, SolarWinds also hired a new consulting business formed by former CISA director Chris Krebs and former Chief Security Officer at Facebook Alex Stamos. Hiring these companies aims to make “SolarWinds an enterprise software industry security leader” and effectively transform the business, as CEO and President of SolarWinds Sudhakar Ramakrishna explains in a blog post
Though we may still have information to learn about the breadth of the attacks through the SolarWinds Orion platform, the company is trying to make things more secure for the future. We will also have to see what exactly was accessed in the U.S Court system in the coming weeks as the investigations continue.
(Chris Krebs Image Courtesy of CBS News)