(Bloomberg) — Government agencies and major corporations outside the U.S. are reviewing their computer systems for signs of security breaches, after a hacking campaign that inserted malware in software updates from U.S. company SolarWinds Corp.
The U.S. government on Sunday said it had been hit by cyber-attacks, and all federal civilian agencies were ordered by the U.S. Cybersecurity and Infrastructure Security Agency to review their networks and disconnect or power-down SolarWinds Orion products immediately.
Austin, Texas-based SolarWinds sells technology products to an extensive list of sensitive targets, including all five branches of the U.S. military. Outside the U.S., SolarWinds has picked up contracts for the U.K. National Health Service, European Parliament, and NATO, according to details on its website. The company said it has more than 300,000 customers worldwide, including a large number of the U.S. Fortune 500.
NATO said in a statement that it was “currently assessing the situation, with a view to identifying and mitigating any potential risks to our networks.” A spokesperson from the European Parliament did not respond to a request for comment.
A U.K. government official, speaking on condition of anonymity, said the government is assessing the degree of infiltration in British networks, and added that the APT29 group — a notorious hacking group tied to the Russian government — is a potential suspect.
The U.K. government is a significant client of SolarWinds. According to marketing materials and procurement documents, the Orion platform is used by Home Office as well as regional police forces.
The U.K. health sector is also heavily exposed to potential vulnerability within SolarWinds’ software. The U.K. agency that regulates medicines and medical devices is a client, while AstraZeneca Plc, the company behind a potential Covid-19 vaccine, recently advertised for a senior consultant role that required experience working with SolarWinds’ products.
AstraZeneca declined to comment.
Kevin Thompson, SolarWinds president and chief executive officer, said in a statement that the vulnerability related to software updates released between March and June 2020. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” Thompson said.
The vulnerability focuses on an update to SolarWinds’ “Orion” IT monitoring platform, cyber-security firm FireEye said, adding that the hackers hit organizations across the globe — in North America, Europe, Asia and in the Middle East — and in multiple sectors including government, technology, consulting telecommunications, as well as oil and gas.
“Each of the attacks require meticulous planning and manual interaction,” said Kevin Mandia, FireEye’s CEO, in a blog post on Sunday. Mandia added that FireEye was in the process of notifying those affected and was working with the U.S. FBI to aid an investigation.
Government Communications Headquarters, the U.K.’s electronic surveillance agency, is another customer listed on SolarWinds’ website. The agency’s director general, Jeremy Fleming, said on Monday that he had “no news” on the impact of the breach on British organizations. Prime Minister Boris Johnson’s spokesman Jamie Davies separately said on Monday that the government was “not aware” of any impact on the U.K. arising from the cyber attacks.
SolarWinds states on its website that it helps its customers manage their computer networks and monitor them for potential data breaches. The company said it uses “sophisticated detection systems including access, event, and log management” to “help central government IT teams more easily monitor and ensure cybersecurity.”