Surprise or not, the SolarWinds attacks appear to have reached further than previously thought. One of the companies targeted by the Russian attackers at the time was Autodesk, which only recently confirmed that it was affected by the attack.
Nine months have passed since Autodesk discovered and neutralized the attack on one of its servers that had received the backdoor malware.
Autodesk is an American company that is focused on developing software and providing services to millions of customers from the design, engineering, and construction sectors with CAD (computer-aided design), drafting, and 3D modeling tools.
We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents.
While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations.
Approached by BleepingComputer reporters, an Autodesk employee who asked to remain anonymous said that the attackers did not deploy any malware on Autodesk servers beyond the Sunburst backdoor. The most likely explanation is that the server was never selected for a subsequent exploitation stage, or that the attackers simply did not move fast enough before Autodesk detected them.
Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied.
Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation.
Many Other Companies Were Breached
As previously reported, the SolarWinds supply-chain attack was coordinated by a hacking group of the Russian Foreign Intelligence Service that is tracked under several names, including APT29, The Dukes, and Cozy Bear.
The source code of the Orion Software Platform was trojanized, affecting builds released between March and June 2020.
These builds were then used to deliver a backdoor tracked as Sunburst to “fewer than 18000” customers.
The attack was a turning point: as a direct result of it, the Russian state hackers gained access to the networks of multiple US federal agencies and private tech sector firms, including the US Military, the Pentagon, the State Department, NASA, the NSA, the Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States.
After the SolarWinds attack, the US Congress showed increased interest in creating a federal law requiring breach notifications.
The former chairman of the House Homeland Security Committee, Rep. Michael McCaul, R-Texas, stated that he was working with Rep. Jim Langevin, D-R.I., a member of the Cyberspace Solarium Commission, on legislation that would mandate cyber intrusion notifications while also encouraging the industry to come up with new approaches to standardizing intelligence-sharing between “critical infrastructure” operators and the government.