6 out of 11 EU Agencies Running SolarWinds Orion Software Were Hacked

6 out of 11 EU Agencies Running SolarWinds Orion Software Were Hacked

SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed.


European Commissioner for Budget and Administration Johannes Hahn confirmed the hack of some EU agencies as result of the SolarWinds supply chain attack in a response to a question filed by an EU Parliament member in February 2021.

The EU official response is based on the results of an investigation conducted by the EU Computer Emergency Response Team (CERT-EU).


CERT-EU confirmed that 14 EU agencies were running the SolarWinds Orion monitoring software, and six of them were breached. Anyway, the CERT-EU did not reveal the name of the EU agencies that installed the tainted Orion updates.


In December 2020, SolarWinds revealed that 18,000 customers might have been impacted by the cyber attack against its supply chain. The alarming data emerged in a filing with the Securities and Exchange Commission (SEC) on Monday.


Nation-state actors, allegedly Russia-linked hackers have compromised the networks of several US government agencies, including the US Treasury, the Commerce Department’s National Telecommunications and Information Administration (NTIA). The hack allowed the threat actors to spy on the internal email traffic.


A report published by the Washington Post, citing unnamed sources, attributes the attacks to APT29 or Cozy Bear, the Russia-linked APT that’s believed to have recently compromised the top cybersecurity firm FireEye.