New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor


The investigation into how the attackers managed to compromise SolarWinds’ internal network and poison the company’s software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack.

A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed that the operators behind the espionage campaign likely managed to compromise the software build and code signing infrastructure of SolarWinds Orion platform as early as October 2019 to deliver the malicious backdoor through its software release process.

Read more…