SolarWinds Cyberattack Fallout: Wells Notices For CFO and CISO

In an SEC filing, business software company SolarWinds says that current and former executives, including its CFO and CISO, received notices that they may be subject to civil enforcement action in relation to the 2020 SolarWinds Orion cyberattack (Sunburst). Russian intelligence hackers gained access to government agencies and private sector organizations in the attack. In December, Microsoft President Brad Smith said that more than 40 of the company’s customers were precisely targeted and compromised through Orion updates. Among them are: Belkin International, which sells home and office Wi-Fi routers; Cisco, the California-based networking company; internet provider Cox Communications; and the California Department of State Hospitals. According to Bloomberg, more than 20 computers in a Cisco lab were compromised through malicious updates to SolarWinds’ Orion network monitoring platform. Additionally, Russian hackers monitored staff emails sent at the Commerce Department’s National Telecommunications and Information Administration for months, and email systems used by the U.S. Treasury Department’s senior leadership were compromised.