Four Security Vendors Report SolarWinds-Related Hacks


Mimecast previously reported a major breach in which hackers infiltrated its network and abused digital certificates used by one of its security products to access the Microsoft 365 accounts of some of its customers. Mimecast representatives have now reported on the company blog that they link the incident to the trojanized SolarWinds Orion application installed on the company's network.


Cybersecurity software and networking vendor Palo Alto Networks is another major company that has reported a SolarWinds-related incident. Company representatives told Forbes that in September and October 2020, experts recorded two hacks related to SolarWinds software. At the time, experts were investigating the break-ins as separate incidents and did not detect a broader supply chain attack. Security experts then concluded that "the attack attempt was unsuccessful and no data was compromised."


Erik Hjelmvik, founder of network security company Netresec, has published a list of 23 domains that the SolarWinds hackers used to deploy second-stage payloads on infected networks. Two of the domains were named "corp.qualys.com", which indicated that the company might have been the victim of a cyber attack. The company noted that the hack was not as widespread as it appears: its engineers had installed a trojanized version of the SolarWinds Orion application in a lab environment for testing purposes, separate from the main network.


The fourth report came from Chris Kubic, director of information security at Fidelis Cybersecurity. The company also installed a trojanized version of the SolarWinds Orion application in May 2020 as part of a "software assessment," Kubic said. The software was installed on a test system. Despite the attacker's attempts to expand their access to the Fidelis internal network, the test system was "isolated enough and too rarely turned on for the attacker to proceed to the next stage of the attack."
