Hacking incidents always dominate the news, and rightfully so. They’re proof that no one is safe, especially when the victim is a major corporation with a sophisticated cybersecurity system. One hack that had a substantial impact on the cybersecurity landscape was the SolarWinds hack.

But unlike other large-scale hacks, the SolarWinds attack’s damages weren’t limited to the company’s finances and reputation. The effects were so widespread that the impact of the hack involved the US government and its agencies.

What Was the Scale of the Hack?

SolarWinds is a US-based IT company that specializes in developing management software for businesses and government agencies. So, from the get-go, it was clear that any hack would have catastrophic effects beyond SolarWinds' assets and reputation.

It’s safe to say that the SolarWinds corporation itself wasn't the target of the attack, but only the method of attack. SolarWinds reported that just over 18,000 of their clients downloaded an affected version, though not all were actively hacked.

Of the victims, around 20 percent were US government institutions and agencies such as the Department of Homeland Security, the State Department, the National Nuclear Security Administration, and the Department of Energy, among many others.

The remaining 80 percent of victims were private corporations, but they were big players in their industry with their fair share of high-profile clients. The hack affected companies like Cisco, Intel, Deloitte, and Microsoft, as well as some medical institutions, hospitals, and universities.

It’s important to note that the scale of the incident isn’t yet fully known. While the hackers managed to gain access to nearly 20,000 of SolarWinds’ clients, that doesn’t mean they were able to bypass their internal security systems and compromise files and data. Exact numbers haven't been released, but it's reported that fewer than 100 customers were hacked.

For instance, Microsoft was able to detect the intrusive malware in their environment and isolate it in time. They reported no evidence of compromised or leaked customer data from the attack, allowing them to escape it mostly unscathed.

But not everyone was this lucky. The hackers managed to force their way into dozens of emails belonging to high-ranking officials in the American Treasury Department and, possibly, the department’s cloud properties.

What Makes the SolarWinds Hack Different?

Often, a hacking incident is the result of a failed security system or inside collaboration. But that wasn't the case for the companies affected by the so-called "Sunburst" hack—just under 100 of all those who downloaded the infected update.

The hackers only needed to get around SolarWinds’ cybersecurity. They then proceeded to add malicious code into one of the company’s most used software services, Orion. The hacking incident was stealthy and nondestructive, allowing it to slip under SolarWinds’ radar and stay there for months.

The code spread itself to other clients by hitching a ride on one of the regular software updates that SolarWinds sends out to its clients. There, the malicious code set up a backdoor for the hackers, allowing them to install even more invasive malware, spy on their targets, and leak any information they deemed important.

The Sunburst hack set a precedent for who companies can and cannot trust when it comes to cybersecurity. After all, software updates are supposed to come with bug fixes and security upgrades to keep your systems safe from exploited vulnerabilities and gaps.

This type of attack is known as a supply chain attack. In it, hackers target the most vulnerable part of a company’s supply chain instead of directly hitting their target. They then package their malware into trusted vessels and ship them to their actual targets. In this incident, it was in the form of a routine software update.

Who Was Behind the SolarWinds Hack?

It’s still unclear what organization or group of people was behind the hack, as no hacker group has claimed the incident so far. However, federal investigators alongside leading cybersecurity experts primarily suspect Russia’s Foreign Intelligence Service, also known as the SVR.

This conclusion builds on the previous hacking incidents of 2014 and 2015. Back then, investigations also pinned the break-ins into email servers in the White House and the State Department on the SVR. But so far, Russia denies having anything to do with the SolarWinds hack, leaving no clear culprit.

What Comes After the Sunburst Hack?

In terms of the direct effects of the hack, corporations and government agencies continue to scan their systems for any additional backdoors the attackers might’ve left, as well as any security vulnerabilities they might’ve uncovered, to prevent them from being exploited in a future attack.

But when it comes to the corporate and government-based cybersecurity landscape, things are forever changed. After SolarWinds’ Orion was used as a Trojan Horse to infiltrate their systems, the concepts of friend and foe and of zero-trust cybersecurity have to change to keep up.

Governments, corporations, and users would have to change how they view their cooperative and financial relationships in exchange for a strong cybersecurity shield and a safer future.

Should You Be Worried?

Hackers rarely take what they came for and leave the rest intact. Everything in a company or government’s database has immense value.

While companies that conduct business with SolarWinds, and companies affiliated with those affected companies, all double-checked their systems after the hack, there isn’t much you could do as an individual user.

There’s no need to worry about having the malware or backdoor on one of your devices as the attack mainly targeted corporations and institutions. But you may be a customer of tech giants like Intel or Microsoft, and they have personal and financial records about you from past purchases.

Keep track of any urgent notifications your vendors send out and whether they release any public announcements regarding security incidents. The sooner you know of a possible breach of your data, the better your chances are at getting away unscathed.

Will There Be Another Sunburst-Like Attack?

Whether government agencies and companies would be able to upgrade their security systems in time before another attack is still unknown.

But as long as corporations and institutions carry sensitive and valuable data, they’ll always be a target for hacker groups, both local and international.