According to new reporting from Wired, the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020 but failed to realize the significance of the breach and ignored it. The DOJ detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds; the server was communicating externally with an unfamiliar system on the internet. The department asked the security firm Mandiant to help determine whether the server had been hacked, and it engaged Microsoft to investigate. Investigators suspected that the hackers had breached the DOJ server directly, exploiting a vulnerability in the Orion software.
The DOJ reached out to SolarWinds to assist with the inquiry, but the company’s engineers were unable to find a vulnerability in their code. In July 2020, with the mystery still unresolved, communication between investigators and SolarWinds stopped. A month later, the DOJ purchased the Orion system, suggesting that the department was satisfied that there was no further threat posed by the Orion suite. However, this was not the case, and the SolarWinds hack went undetected until Mandiant discovered it in December 2020.
This revelation raises concerns about the government’s ability to detect and respond to cyber threats effectively. It also underscores the importance of timely and efficient communication among agencies and private companies to prevent and mitigate attacks. The SolarWinds hack, which affected numerous federal agencies and private companies, was one of the most significant cyberattacks in recent history, highlighting the need for stronger cybersecurity measures and collaboration among stakeholders.
In conclusion, the DOJ’s failure to realize the significance of the SolarWinds attack six months before it was detected by Mandiant raises serious questions about the government’s preparedness and response to cyber threats. The incident highlights the need for timely and effective communication among agencies and private companies to prevent and mitigate attacks. The SolarWinds hack underscores the growing importance of cybersecurity in today’s digital landscape and the need for stronger measures to protect against increasingly sophisticated threats.