A more sobering picture is beginning to emerge among cybersecurity experts following the massive cyberattack against SolarWinds earlier this month, after hackers breached several key federal agencies as well as a large number of U.S. companies across sectors.
The attack, discovered by cybersecurity firm FireEye, involved the insertion of SUNBURST malware inside a trojanized version of the SolarWinds Orion software, a widely available monitoring platform that thousands of companies and government agencies around the world use to monitor internal IT systems.
SolarWinds notified about 33,000 customers regarding the breach, 18,000 of which were affected by the malware. Cybersecurity experts said while the full scope of the breach is not yet known, the impact on the technology sector appears to be somewhat limited.
"Thankfully we have not yet seen an extreme impact or following incident from these or other affected providers," John Hammond, senior security researcher at Huntress, said via email. "The efforts from the technology sector indicate that while the infected software was present, it was not on a critical system or affecting their product, service or operations."
Several leading technology companies and other organizations are evaluating the impact of the SolarWinds breach and other recent nation-state attacks. Here is how five technology companies are responding to the compromise:
VMware
VMware, the target of an exploit from Russian state actors disclosed by the National Security Agency in early December, said there is no indication that the compromise had any involvement in the nation-state attack on SolarWinds. The company analyzed the limited use of SolarWinds in its environment and did not find any evidence of exploitation.
The company issued a patch for a vulnerability in its VMware Workspace ONE platform on Dec. 3. VMware is encouraging customers to apply all patches, product updates and mitigations available for their specific environments.
VMware Carbon Black and NSX have been updated to help customers find and prevent malicious components related to the breaches.
Cisco
Cisco immediately began its established incident response process after the SolarWinds attack was announced, according to a Cisco spokesperson.
"We have isolated and removed Orion installations from a small number of lab environments and employee endpoints," the spokesperson said in an emailed statement. "At this time there is no known impact to Cisco products, services or to any customer data."
The company is continuing to investigate all aspects of the evolving situation with the highest priority, according to the statement.
Intel
On Monday, The Wall Street Journal reported that Intel and NVIDIA were among the organizations that downloaded SolarWinds Orion. Intel said it was still actively investigating, but saw no evidence or indication that any of its systems were affected.
NVIDIA
NVIDIA said it has no evidence at this time that the company was adversely affected, according to a spokesperson. The investigation is ongoing.
Microsoft
Microsoft, which helped identify the initial SolarWinds attack during the very early stage of the disclosure, last week announced it would begin blocking malicious binaries linked to the malware. Microsoft President Brad Smith issued a call for a global coordinated response to combat nation-state actions like this.
Regulators also impacted
The SolarWinds attack is having a more direct and far-reaching impact at the government level, which President-elect Joe Biden, in a speech Tuesday, said is an ongoing situation that had not yet been brought under control. Federal officials are largely attributing the attack to Russia.
Sen. Ron Wyden, D-Ore., ranking member of the Senate Finance Committee, disclosed on Monday that dozens of email accounts at the Department of Treasury were breached in the attack by suspected Russian actors.
Several other key federal agencies, including the Department of Commerce, Department of Homeland Security and the National Institutes of Health, were impacted by the attack. Earlier this month, the Cybersecurity and Infrastructure Security Agency advised civilian agencies to power down or disconnect from SolarWinds.
Treasury Secretary Steve Mnuchin told CNBC that cybersecurity has been a top priority for the administration and for the agency, and confirmed that non-classified information was affected.
"I will say the good news is there's been no damage, nor have we seen any large amounts of information displaced," he told Jim Cramer in an interview on "Squawk on the Street" on Monday.
Mnuchin told CNBC there were some aspects of the incident he could not discuss as they were classified.
Security experts say the impact of the SolarWinds attack on the industry will be long-lasting and that it may take time before trust in the system can be fully restored.
"Due to the sophistication, breadth and depth of this highly coordinated attack, they may not be able to find and plug all the holes for a very long time," said Bryan Skene, CTO at Tempered Networks. "Maybe we still don't know the extent to which systems are compromised."