SolarWinds Attackers Spent Months in Corporate Email System: Report

SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.

Dark Reading Staff, Dark Reading

February 3, 2021

1 Min Read
Dark Reading logo in a gray background | Dark Reading

As SolarWinds continues to investigate a cyberattack that led it to distribute infected software updates to thousands of organizations around the world, new evidence indicates that attackers were present in its Office 365 email system for months, The Wall Street Journal reports. 

In an interview this week, newly appointed SolarWinds CEO Sudhakar Ramakrishna said the attackers compromised some employee email accounts, which led them to then compromise other email accounts and, as a result, its broader Office 365 environment.

SolarWinds is still working to determine how and when attackers first breached its internal network, the report states, noting at least one Office 365 account was accessed by December 2019. It is possible attackers compromised Office 365 accounts even earlier and used this as a foothold to get into the company, Ramakrishna said, though this is only one of many potential scenarios. 

Since taking the role of CEO, Ramakrishna has hired outside experts to aid in breach recovery including former US cybersecurity official Chris Krebs and former Facebook security chief Alex Stamos, who recently teamed up to form a consulting business. Under his leadership, the company has also changed its software development processes, the report states. 

Read the full WSJ report for more information.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights