Russian hackers have recently started a new phishing effort against SolarWinds, a well-known alternative energy company. The hackers sent what appears to be a legitimate business email to one of their victims. The subject line contained the words “contact us,” so it would seem that the email came from SolarWinds itself. However, upon further investigation, the hackers sent what appears to be a phishing scam to one of their victim’s family members. This is just one example of how hackers try to get personal information from unsuspecting victims via the Internet.
Around 3000 email accounts used by over 150 organisations in 24 countries were targeted by the hackers, MSTIC reported.
The emails contained a malicious HyperText Markup Language (HTML) attachment that executes JavaScript code. The code then writes an ISO disc image file to the computer's storage, and the victim is encouraged to open it.
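A defender-side check for the delivery pattern described above, as an added example that is not part of the original article: it scans the script blocks of an HTML attachment for embedded data that decodes to an ISO 9660 disc image. That the image is carried as a base64 literal is an assumption (the article does not say how it is embedded), and the function names and sample inputs are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

ISO_MAGIC = b"CD001"                    # ISO 9660 volume descriptor identifier
ISO_OFFSETS = (0x8001, 0x8801, 0x9001)  # positions where the identifier can sit
# Assumption: the payload is carried as one long base64 literal inside a script.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{256,}={0,2}")

class ScriptCollector(HTMLParser):
    """Collects the text content of every <script> element."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def scan_html_attachment(html: str) -> list:
    """Return (script_index, decoded_size) for each embedded ISO-like payload."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for idx, script in enumerate(collector.scripts):
        for match in B64_RUN.finditer(script):
            text = match.group(0).rstrip("=")
            try:
                blob = base64.b64decode(text + "=" * (-len(text) % 4))
            except ValueError:
                continue  # looked like base64 but does not decode
            if any(blob[o:o + 5] == ISO_MAGIC for o in ISO_OFFSETS):
                findings.append((idx, len(blob)))
    return findings

def make_sample(payload: bytes) -> str:
    """Constructed sample attachment: one script holding a base64 literal."""
    b64 = base64.b64encode(payload).decode()
    return f"<html><body><script>var d = '{b64}';</script></body></html>"

fake_iso = bytearray(0x8800)            # constructed bytes, not a real disc image
fake_iso[0x8000:0x8006] = b"\x01CD001"  # primary volume descriptor header
SUSPICIOUS = make_sample(bytes(fake_iso))
BENIGN = make_sample(b"\x89PNG\r\n" + bytes(40000))
```

A mail gateway or triage script could run `scan_html_attachment` over each `.html` attachment and quarantine messages with a non-empty result; payloads that are split, encrypted or otherwise obfuscated in the script would need additional handling.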
The SolarWinds case is not the first time that hackers with ties to the Russian government have sent emails to their victims. In fact, a group calling themselves APT had been circulating emails claiming to provide a free download of a SolarWinds “white paper” and other “educational” material. When one of the recipients of this email realized that it was not legitimate, they immediately reported the email to the National Security Agency (NSA). No one from SolarWinds was notified about the hack, nor has there been any indication that anyone has received this particular email.
As if that were not bad enough, the hackers have also posted what appears to be a false internal press release. Again, this press release was distributed to various news sources. It is highly doubtful that the intended recipient of this email, a prospective customer, will take any action upon this unsolicited material. And considering the fact that this cyber attack was carried out by hackers with ties to the Russian government, one can only imagine the negative backlash that could result if this information ends up in the wrong hands. It is highly likely that a tremendous amount of investment as well as business information from this company has been compromised.
It is obvious now that SolarWinds was not completely unaware of what was taking place. The hackers used a number of tactics to try to gain access to financial and personally identifying information. However, it should be noted that none of this information was obtained via a virus infection. All evidence points to these hackers utilizing phishing methods or hacking methods to gain access. While it may seem unbelievable that such a large company would be the victim of a cyber attack, the fact is that many large corporations have become victims in the past.
Now it appears that SolarWinds is taking measures to protect its intellectual property. This may include issuing a warning to customers and stating that any emails asking for personal information such as credit card numbers, bank account information, or social security numbers must be viewed with extreme caution. It is also offering a full refund to customers who have made a purchase based upon this phishing email. While this may placate some customers, it does not change the reality that the hackers did break into the company’s database. SolarWinds may also be planning on releasing an updated version of its software program that is different from the one used by hackers. However, given the fact that the hackers used a new phishing method, it is unlikely that this program will offer any protection against future attacks.
While the hackers gained access to information that could have been harmful to the company, they did leave behind evidence that could be helpful. SolarWinds is working to ensure that it can help customers restore their trust in the company. However, until such time, the company has posted a safety message on its website advising customers to contact the company with any questions or concerns regarding their SolarWinds accounts. It has also issued a full refund to anyone who has already purchased SolarWinds products.