SolarWinds hackers first breached systems in September 2019

Image of a cyber criminal using several computers in a dark room
(Image credit: Shutterstock)

The investigation into the SolarWinds cyber attack has revealed that hackers may have had access to the company’s internal systems since September 2019 – over a year before the incident was reported.

On 14 December, the software company confirmed that its systems had fallen victim to “a highly sophisticated, manual supply chain attack” which “intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack”.

However, SolarWinds’s president and CEO Sudhakar Ramakrishna has now revealed that the investigation of the incident now lists 4 September 2019 as the probable start of the chain of the events. It is on that day that threat actors are believed to have accessed SolarWinds internal systems, before injecting a test code and beginning trial runs three months later in December 2019.

“Our current timeline for this incident begins in September 2019, which is the earliest suspicious activity on our internal systems identified by our forensic teams in the course of their current investigations,” Ramakrishna revealed in a company blog post.

“The subsequent October 2019 version of the Orion Platform release appears to have contained modifications designed to test the perpetrators’ ability to insert code into our builds,” he said.


Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation


The timeline of the incident might be particularly significant given the news that SolarWinds is facing a class action lawsuit filed by its shareholders. The complaint alleges that the company failed to disclose that SolarWinds’ Orion monitoring products had a vulnerability that allowed hackers to compromise the server since mid-2020. It also alleges that the company had set an easily-breachable password for the SolarWinds' update server, which ultimately resulted in SolarWinds' customers, including the US government, Microsoft, Cisco, and Nvidia, being vulnerable to hacks.

Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.