The location of the hacking itself may have played a role as well. Investigators are determining whether or not the hack breached SolarWinds’ offices in eastern European countries like Belarus, the Czech Republic and Poland. Engineers there had wide access to the Orion network software compromised in the hack, and Russia would have more familiarity with the region.
The Times also claims that SolarWinds was slow to address security, taking on security execs in 2017 in response to EU privacy law and reportedly ignoring adviser Ian Thorton-Trump’s calls for “more proactive” internal safeguards. Thorton-Trump left the company in frustration with the unresponsiveness to his concerns.
SolarWinds has declined to comment on questions about its security, instead reiterating that it was the target of a “highly sophisticated, complex and targeted cyberattack.”
The full extent of the damage isn’t certain, although it’s already clear that the…