SolarWinds CEO Confirms Office 365 Email ‘Compromise’ Played Role In Broad-Based Attack

SolarWinds CEO Sudhakar Ramakrishna confirmed Wednesday that “suspicious activity” in the company’s Office 365 environment allowed hackers to gain access to and exploit the SolarWinds Orion development environment.

Hackers most likely entered SolarWinds’s environment through compromised credentials and/or a third-party application that capitalized on a zero-day vulnerability, Ramakrishna said.


“We’ve confirmed that a SolarWinds email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles,” he said in the blog post. “By compromising credentials of SolarWinds employees, the threat actors were able to gain access to and exploit our Orion development environment.”


The beleaguered Austin, Texas-based IT infrastructure management vendor said a SolarWinds email account was compromised and used to programmatically access accounts of targeted SolarWinds personnel in business and technical roles.


Ramakrishna said that by compromising the credentials of SolarWinds employees, the hackers were able to gain access to and exploit the development environment for the SolarWinds Orion network monitoring platform. SolarWinds was first notified by Microsoft about a compromise related to its Office 365 environment on Dec. 13, the same day news of the hack went public.



SolarWinds’s investigation has not identified a specific vulnerability in Office 365 that would have allowed the hackers to enter the company’s environment through Office 365, he said Wednesday. A day earlier, Ramakrishna told The Wall Street Journal that one of several theories the company was pursuing is that the hackers used an Office 365 accou ..