TEXAS (BLOOMBERG) - The Russia-linked hackers that compromised popular software by the Texas-based firm SolarWinds last year broke into email accounts and likely took data from the firm.
SolarWinds said it "found evidence that causes us to believe the threat actor exfiltrated certain information as part of its research and surveillance," according to a regulatory filing on Friday (May 7). The hackers "accessed email accounts of certain personnel, some of which contained information related to current or former employees and customers," the company said.
The filing presents the latest information in a cyber-attack announced in December that the US has attributed to Russia's foreign intelligence service in which hackers compromised SolarWinds software in order to spy on its users in the US government and private sector.
SolarWinds estimates the hackers breached fewer than 100 of its customers using its software, according to the filing. The White House has found that about 100 US companies and nine government agencies were hacked by the Russian cyber-attackers through SolarWinds and other means in the course of their espionage operation.
While SolarWinds doesn't know how the Russia-backed group broke into its networks, the company believes the hackers may have used an unknown vulnerability, a brute-force cyber attack,or through social engineering - such as a phishing operation - according to the filing.
The hackers then conducted "research and surveillance" on the company, including its Microsoft Office 365 environment, for at least nine months prior to October 2019, when they moved to the "test run" phase of the attack, according to the filing.
SolarWinds said Friday that it has taken steps to remediate the attack and believes "the threat actor is no longer active in our environments".