Worst First Week Ever!
There is a lot of news about SUNBURST, the Solarwinds hack which has ruined the holiday season of many a system administrator, and it seems there several other interesting things about this hack which don’t pertain directly to the intrusion but which are still interesting.
The first is a wee little stock trade which, at first glance, seems more than a little fishy. Two of Solarwinds largest stockholders, Silver Lake and Thoma Bravo sold $286 million worth of Solarwinds shares on December 7th, a mere five days before the breach was publicly disclosed. As you might expect those shares have dropped significantly in value since the 12th. As we are starting to learn, the intrusion happened long before December 12th and it is quite likely that there were internal communications discussing the huge impact of the poisoned DLL in the week before it was publicly disclosed.
Those two may have a bad day some time in the future, however Sudhakar Ramakrishna has a new benchmark for awful timing. He is the newly appointed CEO of Solarwinds and according to The Register he had only been on the job for three days before this breach was presented to him. At the point it was brought to his attention over 18,000 customers were known to be affected, which puts him in the running for worst first week at work ever.
As for the breach itself, if anything it continues to get worse. The initial date of infection continues to move back to earlier in the year and there is even a possibility that there was a test run some time last year. Stay safe out there.
"The vulnerability has only been identified in updates to the Orion Platform products delivered between March and June 2020, but our investigations are still ongoing," the filing said.