In 2019, hackers used SolarWinds software as a vector into thousands of the company’s customers to steal data from U.S. federal government agencies and tech giants like Intel, Cisco, and Microsoft. For WIRED Kim Zetter recounts what little is known about the hackers, their intents, and the repercussions, four years later.
Adair and his colleagues dubbed the second gang of thieves “Dark Halo” and booted them from the network. But soon they were back. As it turned out, the hackers had planted a backdoor on the network three years earlier—malicious code that opened a secret portal, allowing them to enter or communicate with infected machines. Now, for the first time, they were using it. “We shut down one door, and they quickly went to the other,” Adair says.
The perpetrators had indeed hacked SolarWinds’ software. Using techniques that investigators had never seen before, the hackers gained access to thousands of the company’s customers. Among the infected were at least eight other federal agencies, including the US Department of Defense, Department of Homeland Security, and the Treasury Department, as well as top tech and security firms, including Intel, Cisco, and Palo Alto Networks—though none of them knew it yet. Even Microsoft and Mandiant were on the victims list.