From the Wall Street Journal on Dec. 21:
Deloitte, infected in late June according to the Journal’s analysis, said in a statement it “has taken steps to address” the malware but hasn’t “observed indications of unauthorized access to our systems at this time.”
Along with Deloitte, a WSJ analysis revealed that the suspected Russian hackers behind the SolarWinds breaches at U.S. government agencies also gained access to major U.S. technology companies, at least one hospital, and a university.
Some of the other victims include:
- Cisco Systems Inc.
- Intel Corp.
- Nvidia Corp.
- VMware Inc.
- Belkin International Inc.
- California Department of State Hospitals
- Kent State University
The WSJ said it identified infected computers at two dozen organizations that installed tainted network monitoring software called SolarWinds Orion that allowed the hackers in via a covertly inserted backdoor. It gave them potential access to a goldmine of sensitive corporate and personal data.
SolarWinds said that it traced activity from the hackers back to at least October 2019 and that it is now working with security companies, law enforcement, and intelligence agencies to investigate the attack, according to the WSJ.
SolarWinds Hack Victims: From Tech Companies to a Hospital and University [Wall Street Journal]