According to RiskRecon, a risk assessment firm, many companies that were exposed to the SolarWinds Orion espionage campaign have not followed protocol and taken necessary measures to disclose the incident. Several companies are still exposing malicious software to the internet, according to the firm. Threat actors believed to be Russian nationals were responsible for the distribution of malicious software through a supply chain attack to roughly 18,000 customers. Hundreds of victims that were of special interest to the hackers received other payloads that offered deeper access.
RiskRecon stated that it observed 1,785 organizations still exposing the compromised Orion software to the internet as of December 13, 2020. By February 1, 2021, 1,330 organizations were still displaying malicious content, while 8% of the companies had applied the Orion update that was released in response to the breach. Another hacking group was also allegedly targeting SolarWinds, delivering malware and exploiting a zero-day vulnerability in Orion. SolarWinds has since patched this vulnerability as well.