The first steps in the late 2020 hacking of the US Treasury Department may have begun at least nine months earlier with the suspected initial breach of SolarWinds networking software.
Following a Homeland Security agency's report that SolarWinds is not the only firm exploited in the hack, the network company is continuing to investigate as well. Its new CEO, Sudhakar Ramakrishna, says that there is evidence SolarWinds was originally hacked in December 2019.
According to the Wall Street Journal, Ramakrishna joined SolarWinds after the hack of the National Telecommunications and Information Administration (NTIA). He says that responding to the hack, in terms of both investigation and securing against a future repeat, will cost millions of dollars.
"My attitude was to come in and assess first and figure out what we needed to do," said Ramakrishna. "We have been evaluating mountains of data."
"[We found that some] email accounts were compromised. That led them to compromise other email accounts and as a result our broader [Office] 365 environment was compromised."
Ramakrishna is not yet ruling out that hackers may have infiltrated the company's Office 365 email accounts even earlier, but says that is one of several possibilities being investigated.
According to the Wall Street Journal, SolarWinds has hired a series of security experts to help respond to the incident. They include Chris Krebs, formerly of the Department of Homeland Security, and Alex Stamos, formerly Facebook's chief security officer.
Among the security companies hired to assist is CrowdStrike Holdings. Senior vice president Adam Meyers described the hack as "a pretty significant incident."
"Frankly I don't even know that we've scratched the surface on this thing," he said.
Both the SolarWinds and Homeland Security investigations are continuing.