US DoJ detected SolarWinds hack months before public disclosure

The US Department of Justice, Mandiant, and Microsoft discovered the SolarWinds supply chain hack six months before the incident became widely known in December 2020, but didn’t realize the significance of what they found at the time, Wired reported.

The supply chain attack, in which the attackers inserted a backdoor into SolarWinds’ Orion software, affected thousands of the company’s clients, including US federal agencies, among them the Department of Justice (DoJ), the Department of Defense, the Department of Homeland Security, and the Treasury Department, as well as top tech and security firms including Microsoft, Mandiant, Intel, Cisco, and Palo Alto Networks. The US authorities attributed the hack to a threat group known as Nobelium, believed to be directed by the Russian intelligence service SVR.

As per Wired’s report, the DoJ discovered the breach in late May 2020, when it detected unusual traffic coming from one of its servers running a trial version of SolarWinds Orion software, which was found communicating externally with an unfamiliar system on the internet. The agency launched an investigation into the incident together with Mandiant and Microsoft.

“Investigators suspected the hackers had breached the DOJ server directly, possibly by exploiting a vulnerability in the Orion software. They reached out to SolarWinds to assist with the inquiry, but the company’s engineers were unable to find a vulnerability in their code. In July 2020, with the mystery still unresolved, communication between investigators and SolarWinds stopped,” the report says.

A month later the DoJ purchased the Orion system, suggesting that the department was satisfied that there was no further threat posed by the Orion suite.

The agency said it “notified the US Cybersecurity and Infrastructure Agency (CISA) about the breach at the time it occurred -- though a US National Security Agency spokesperson expressed frustration that the agency was not also notified.”

However, in December 2020, when the incident came to light and some federal agencies were reported to have been hacked, neither the DoJ nor CISA revealed to the public that the breach had been discovered months earlier without its significance being recognized. The DoJ initially said its chief information officer had discovered the breach on December 24.
