The US Securities and Exchange Commission has launched an investigation related to the SolarWinds cyberattack, which was first discovered in December 2020 and may have lasted for over a year, Reuters reported, citing two anonymous sources. The commission reportedly sent letters to the companies that were affected by the cyber breach at SolarWinds, notifying them about the ongoing probe.
According to Reuters' sources, the SEC is looking for details that could indicate insider trading and failure to disclose "failings" that may have taken place in these companies.
US investigators previously determined that a group of hackers managed to get access to a build system of SolarWinds as early as September 2019, planting malicious code in software updates for the company's products – specifically the network monitoring app Orion. Via these updates, the hackers managed to inject Trojans into the computers of around 18,000 SolarWinds clients using Orion, thereby giving the perpetrators access to the machines.
The computers of numerous private companies, government agencies and departments, as well as American military branches were affected by the cyberattack. US authorities claimed that the hacker group was backed by the Russian government. Moscow strongly rejected the accusations, pointing out that Washington failed to present any tangible proof to back such claims.
