No other products were found to contain malicious code similar to that found in the Orion platform, IT software company SolarWinds said on Tuesday.
The company's assertion follows an internal audit of all its applications, carried out after news broke on Sunday[1] that Russian state-sponsored hackers breached its internal network and inserted malware inside Orion[2], a network monitoring and inventory platform.
The malware, named SUNBURST[3] (or Solorigate[4]), was inserted in Orion app versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.
"We have scanned the code of all our software products for markers similar to those used in the attack on our Orion Platform products identified above, and we have found no evidence that other versions of our Orion Platform products or our other products contain those markers," the company said today.
"We have also found no evidence that our SolarWinds MSP products, including RMM and N-central, and any of our free tools or agents contain the markers mentioned above," it added in an update to a security advisory[5] it initially published on Sunday.
But while SolarWinds was happy that the malware didn't make its way into other products, the fact that it made it into Orion, one of its most popular offerings, was damaging enough.
In SEC filings on Monday, SolarWinds said that of its 300,000 total customers, more than 33,000 used the Orion platform, and about 18,000 downloaded the malware-laced versions.
However, the hackers didn't bother accessing the networks of all these companies, instead restricting themselves to breaking into a few selected targets. At the time of writing, the list of known victims hacked by using the Orion platform as an entry point includes the likes of:
- US cybersecurity firm FireEye
- The US Treasury Department