The hacking campaign was extraordinary in scale, with the intruders having stalked through government agencies, defense contractors and telecommunications companies for months by the time it was discovered. Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, though the scope of the breaches and exactly what information was sought are unknown.
An estimated 18,000 organizations were affected by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.
On Monday, SolarWinds said its investigation found evidence the campaign began in September 2019, with the hackers injecting test code that month. The hackers’ patience was impressive. The malicious code that allowed backdoors to be surreptitiously opened on SolarWinds customers had been hidden by the end of February in an upgrade that was delivered to clients beginning the next month.
It would not be discovered for another nine months.
Associated Press writer Frank Bajak in Boston contributed to this report.