Compliance and Risk Management in the Spotlight: Lessons Learned from the SolarWinds Hack


We recently wrote a short article about a data breach at the security firm FireEye. At the time, FireEye attributed the breach to a state-sponsored attacker, an event that has unfortunately become the norm in 2020. Since then we, along with the rest of the country, have learned that the FireEye breach was connected to the massive SolarWinds hack, which many are calling one of the largest security breaches in U.S. history.

Here, we’ll cover the basics of the attack, including how it happened and what its impact has been. The lessons of the SolarWinds hack show just how important risk management is for companies large and small across the U.S.


What is the SolarWinds Hack?

In December 2020, FireEye discovered that updates to the SolarWinds Orion business software had been trojanized. The attackers had inserted a backdoor, which FireEye named SUNBURST, into a digitally signed Orion component, so the vendor’s own update channel delivered the malware to customers and gave the attackers a foothold inside victims’ network environments.

This infection was unusual in how tightly the attackers controlled it, favoring stealth and minimal detectability over speed. That also means the attackers may have had access to affected systems as early as March or April 2020. The Orion platform is infrastructure-monitoring software installed on customers’ own servers, which SolarWinds markets as a way to “simplify IT administration for on-premise, hybrid, and SaaS environments.” It is widely used not only in the private sector but in public-sector and government organizations as well.

The fallout is significant. SolarWinds Inc. is one of the largest providers of network, systems, and IT infrastructure management software in the U.S., with an estimated 300,000 customers as of December 2020. As of this publication date, security experts estimate that up to 18,000 SolarWinds customers may have installed the compromised update, and major technology companies including Microsoft, Cisco, Intel, and Nvidia have acknowledged that the affected software reached their environments.

The effects run much deeper, however. The overlap between private and public systems has exposed private businesses and public organizations alike. Of the potential infections, many were linked to electrical, oil, and gas infrastructure as well as telecoms, manufacturers, and government agencies.

 

How Did the Attackers Access SolarWinds Systems?

Currently, the likely culprit is a state-sponsored espionage operation. The Washington Post reports that the Russian group tracked as APT29, or “Cozy Bear”, is responsible. That group is associated with the SVR, Russia’s foreign intelligence service.

The attackers planted SUNBURST in legitimate, signed Orion updates, which customers then downloaded as part of their normal maintenance and upkeep. The backdoor did not act immediately, however. According to FireEye’s analysis, it stayed dormant for up to about two weeks after installation before contacting the attackers’ command-and-control infrastructure, and it disguised that traffic as the Orion platform’s own telemetry. Once active, it could profile the host, transfer and execute files, and run further commands, which the attackers used to harvest credentials, pick out the systems worth pursuing, and move deeper into selected networks.

FireEye reports that, of the thousands of organizations that installed the backdoor, it has evidence of only about 50 in which the attackers actually used it to get further into the network. That figure is limited by visibility, however: many industrial and manufacturing operations have little or no logging, reporting, or monitoring in place to detect a breach of this kind.

FireEye also stresses that the attack is not over and should be treated as an ongoing threat. Because the attackers relied on stealth and on legitimate cloud infrastructure, they were able to hide much of their activity, and the full extent of the intrusion has yet to be established.
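One defensive consequence of the behaviour described above, as an added example that is not part of the original article and not FireEye or SolarWinds tooling: a backdoor that sleeps for two weeks and then hides inside the product’s own telemetry still has to contact a destination the monitoring server never talked to before. The script below builds a per-host egress baseline from a log and flags the first contact with any destination outside that baseline. The log format, hostnames, process name and domains are all constructed for this example; a real deployment would feed it DNS or proxy logs for the Orion server and a baseline window matching its known update and management traffic.

```python
"""Flag new egress destinations from a monitoring server after a baseline window.

Added example. Log lines below are constructed; the four-field layout
(ISO timestamp, host, process, destination) is an assumption for the demo,
not any vendor's log format.
"""
from datetime import datetime, timedelta

# Constructed egress log. orion-01 is the monitoring server; ws-17 is a workstation.
# The first 14 days show its normal destinations; later lines add two never-seen ones.
SAMPLE_LOG = """\
2020-03-01T08:00:00 orion-01 orion-service updates.vendor.example
2020-03-01T08:05:00 orion-01 orion-service core-switch-1.corp.example
2020-03-03T09:10:00 orion-01 orion-service db-1.corp.example
2020-03-10T11:00:00 orion-01 orion-service updates.vendor.example
2020-03-10T11:02:00 ws-17 browser www.news.example
2020-03-18T03:14:00 orion-01 orion-service api-7b3.telemetry-cloud.example
2020-03-18T03:20:00 orion-01 orion-service core-switch-1.corp.example
2020-03-19T03:15:00 orion-01 orion-service api-7b3.telemetry-cloud.example
2020-03-21T04:00:00 orion-01 orion-service files.share-cdn.example
"""


def parse_log(text):
    """Parse log text into (timestamp, host, process, destination) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, proc, dest = line.split()
        records.append((datetime.fromisoformat(ts), host, proc, dest))
    return records


def baseline_destinations(records, host, baseline_days=14):
    """Return (set of destinations, cutoff) seen from `host` in its first
    `baseline_days` of logging. cutoff is None if the host never appears."""
    host_records = [r for r in records if r[1] == host]
    if not host_records:
        return set(), None
    start = min(r[0] for r in host_records)
    cutoff = start + timedelta(days=baseline_days)
    seen = {r[3] for r in host_records if r[0] < cutoff}
    return seen, cutoff


def new_destinations(records, host, baseline_days=14):
    """List (timestamp, process, destination) for the first contact from `host`
    with each destination not present in its baseline. Repeat contacts with an
    already-flagged destination are collapsed into the first sighting."""
    seen, cutoff = baseline_destinations(records, host, baseline_days)
    if cutoff is None:
        return []
    findings = []
    flagged = set()
    for ts, h, proc, dest in sorted(records):
        if h != host or ts < cutoff or dest in seen or dest in flagged:
            continue
        flagged.add(dest)
        findings.append((ts.isoformat(), proc, dest))
    return findings


if __name__ == "__main__":
    for ts, proc, dest in new_destinations(parse_log(SAMPLE_LOG), "orion-01"):
        print(f"{ts} {proc} -> new destination {dest}")
```

The baseline is deliberately per host rather than global: a domain that is normal for a workstation browser is not normal for a monitoring server whose egress should be limited to the vendor’s update service and the devices it manages. The weak spot is the baseline window itself; if the backdoor was already active when logging began, its destination is baked into “normal”, which is why the window should be compared against the vendor’s documented endpoints rather than trusted blindly.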

 

The Impact of the SolarWinds Hack on Businesses

The SolarWinds hack has, perhaps most significantly, shown how interconnected businesses in the technology, retail, service, and infrastructure sectors really are. With shared cloud resources and managed services, a serious breach at one supplier can ripple across many different and otherwise unrelated systems and organizations.

The full impact of the hack is still unknown, precisely because no one yet knows the full extent of the damage. Several companies, including Visa and Cisco, have stated that they are not seeing widespread data loss in their systems.

As businesses continue to monitor the problem, we may well see more severe fallout, including:

  1. Identity and credit theft: if the hack compromised customer databases in any way, a new wave of credit card fraud could follow. Because state-sponsored attacks target both private and public institutions in order to destabilize them, several waves of fraud could be in our future.
  2. A major overhaul of government cybersecurity: federal agencies using SolarWinds products in any capacity are likely to strengthen their security measures in response. It is not yet known whether federal security regulations will be updated as part of that response.
  3. Potential outages or utility disruption: this is the least likely item, but the one security experts fear most. Specialists report no known threat to the U.S. utility grid resulting from the hack. As our understanding of the hack evolves, however, that could change.

The apparent goal of infecting critical oil, gas, power, and water systems was to learn how they work and, if possible, to gain the ability to disrupt them. While experts are telling us not to panic, this event signals what state-sponsored cyber operations, and modern conflict more broadly, will look like for the foreseeable future.

 

What Can Businesses Do to Protect Against Attacks Like the SolarWinds Hack?

This is the million-dollar question, and one that is not easily answered. Users of SolarWinds Orion weren’t expecting their network management software to arrive with malware, and so they weren’t prepared for it.

What this means is that any data-driven business in the U.S. right now needs to address some specific priorities in its data security:

  1. Compliance is a business strategy, not just a requirement. Yes, you need to comply with whatever regulations apply in your industry. What this hack shows is that compliance should be the foundation of our collective security preparation, not a checklist of “must-do” tasks. Pay attention to the kinds of requirements your industry’s regulations call for and, where possible, exceed them. That means your encryption, reporting, logging, and authentication should all be field-leading.
  2. Audit, audit, audit. Likewise, auditing for compliance should be an exercise in defense, not a box to check. Work with professionals who know your industry and its regulations and who understand the ins and outs of security in that industry. Furthermore, don’t assume you already understand those regulatory requirements, or that you can’t. Form real partnerships with third-party auditors and cybersecurity consultants and learn what it means to stay as secure as possible.
  3. Prioritize data transparency and access. One of the major issues that many security experts, including FireEye, have pointed out is that many of the affected businesses had no transparent data practices in place to trace file access and see the bigger picture of what happened. This also means extensive reporting above and beyond any compliance requirements you may have. Your compliance and security measures should also give you the ability to build action plans from real intelligence, and that can only come from having a complete picture of your data.
  4. Manage risk. Always know how much risk you can tolerate as an organization. In light of these attacks, that tolerance may have changed. You can’t know what you need and don’t need, or how much risk you are willing to take, without the insight required to make the best decisions.
  5. Vet your vendors. Anything you expect of your own organization, expect of any cloud, security, or software vendor. That includes additional compliance that might not be strictly required in your industry, for example, extensive SOC reporting.

 

Work with the Experts at Lazarus Alliance

Don’t let security problems announce themselves to you in the newspapers. Stay ahead of threats with tight security, compliance, and risk management.

Learn more about how you can pursue the security, reporting, logging, and risk management practices best suited to your business. Call us at 1-888-896-7580 or use the form below, and tap into our Cybervisor Services to work with some of the top security experts in the industry.

Download our company brochure.
