The location of the hack itself may also have played a role. Investigators are in the process of determining whether the hack violated SolarWinds offices in Eastern European countries such as Belarus, the Czech Republic and Poland. Engineers had wide access to the compromised Orion network software in the hack, and Russia is said to be more familiar with the area.
the Times also claims that SolarWinds was slow to address security, taking over security officials in 2017 in response to EU privacy law and allegedly ignored adviser Ian Thorton-Trump’s calls for internal safeguards ” more proactive ”. Thorton-Trump left the company frustrated by the lack of response to his concerns.
SolarWinds declined to comment on questions regarding its security, recalling instead that it was the target of a “highly sophisticated, complex and targeted cyber attack.”
The extent of the damage is not certain, although it is already clear that the culprits accessed Microsoft source code and attacked the security firm CrowdStrike in addition to federal agencies and other victims. It may take months or more before you know how the hack happened and, more importantly, what damage was done.