FXMSP hacker “the invisible God of networks” was selling access to SolarWinds servers in 2017
In recent years SolarWinds has established itself as one of the most important companies in the development of IT solutions: “There is no one in the market really close in terms of the breadth of coverage we have; we manage any other company’s network team,” said Kevin Thompston, executive director of the Texas-based firm.
The facts support Thompston’s words, although other recent events also emphasize the severe problems that the industry in general may experience when software that keeps its operations afloat is embroiled in hacking incidents.
At the start of the week, SolarWinds confirmed that Orion Plarform, its network management software, was abused by a group of threat actors in order to deploy an international-scale cyber spying operation.
Malicious hackers reportedly managed to inject malicious code into Orion updates distributed to more than 17,000 business customers. Although investigators close to the incident believe that the incident did not affect all potentially exposed users, it has already been shown that hackers gained access to organizations such as the Treasury Department and the U.S. Department of Commerce.
Initially several members of the cybersecurity community claimed that the attack would have been deployed by hackers sponsored by the Russian government, although other specialists consider it still too premature to draw conclusions.
Shortly after the company revealed the security incident, multiple criminals began selling access to multiple SolarWinds computers on hacking forums. One of the criminals behind these publications, self-called , has been wanted by the Federal Bureau of Investigation (FBI) for years due to his alleged involvement in multiple high-profile incidents.
Hacking incidents are not the only problem facing the company, as poor security practices have proven to be an issue that SolarWinds is not exempted from: “Months ago we sent a security alert to the company to inform them that any user could access their update server using the password “solarwinds123,” said Vinoth Kumar, computer security researcher.
Experts do not rule out that this campaign is part of an “fxmsp” plan to compromise business and government networks around the world, although more details will need to be revealed to confirm these assumptions.
Originally published at https://www.securitynewspaper.com on December 17, 2020.