SolarWinds Corp. said a computer breach tied to Russia-linked hackers who accessed U.S. government systems and corporate networks after manipulating some of the software provider’s code had penetrated its systems earlier than first disclosed.
Austin, Texas-based SolarWinds on Tuesday said the current investigation showed the hackers gained access in early September 2019, a month earlier than previously stated. Investigators believe preparations for the attack may have gone back far longer. A month later, a version of the company’s Orion Platform software appears to have contained modifications designed to test the hackers ability to insert the code into the system. The malicious code was added starting Feb. 20, 2020, the company said, and customers had access to the compromised software by March 26, 2020.
Intelligence officials have said the attack was one of the most sophisticated cyberintrusions of U.S. systems they had seen.
The network-management company, working with hired cybersecurity experts, said it reverse-engineered the code, called Sunburst, allowing them to learn more about the hack. SolarWinds said an analysis suggests that hackers circumvented detection by mimicking legitimate network traffic that was run through U.S. servers. It is still trying to establish how the code entered its software and went undetected, the company said.
The hackers removed the code from the system in June 2020, SolarWinds said. The company said it learned of the breach on Dec. 12.
