The group behind the SolarWinds hack also tried to compromise a top security firm. CrowdStrike now says that it too was targeted by the group. According to CrowdStrike, the attempt happened “during a 17-hour period several months ago,” when hackers tried to access the company’s email.
Though CrowdStrike says the attempt was ultimately unsuccessful, it offers further insight into the scale of the hacking operation, which US government officials have attributed to Russia. As Reuters points out, SolarWinds is so far the only company known to have been successfully targeted by the group. The company’s Orion software, widely used among major companies and US government agencies, was compromised giving hackers potential access to email and other sensitive data.
The fact that CrowdStrike was also targeted suggests the hackers could have cast a wider net than investigators previously realized. The Cybersecurity and Infrastructure Security Agency (CISA) is still unraveling just how big an impact the SolarWinds hack has had. The agency said earlier this week that state and local governments were also affected, “as well as critical infrastructure entities and other private sector organizations.”