Autodesk Disclosed it was Targeted in SolarWinds Hack

 

Autodesk has disclosed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain assault, nearly nine months after finding that one of its servers had been compromised with Sunburst malware. 

It is an American multinational software corporation that makes software products and services for the architecture, engineering, construction, manufacturing, media, education, and entertainment industries. 

In a recent 10-Q SEC filing, Autodesk stated. "We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents." 

"While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations." 

While the company went on to state that there was no additional damage to its systems, the company's announcement of the breach in its most recent quarterly results serves as a reminder to the world of how widespread the SolarWinds supply chain breach was. 

An Autodesk spokesperson told BleepingComputer that the attackers did not deploy any other malware besides the Sunburst backdoor, likely because it was not selected for second stage exploitation or the threat actors didn't act quickly enough before they were detected. 

The spokesperson stated, "Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied. Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation." 

One of 18000 tech firms targeted in a large-scale cyber attack

SolarWinds' infrastructure was hacked as a result of a supply-chain assault conducted by the Russian Foreign Intelligence Service's hacking division (aka APT29, The Dukes, or Cozy Bear). 

The attackers trojanized the Orion Software Platform source code and build issued between March 2020 and June 2020 after obtaining access to the company's internal systems. These malicious builds were then used to deploy the Sunburst backdoor to around 18,000 clients, but fortunately, the threat actors only chose a small number of people for second-stage exploitation. 

Before the assault was revealed, SolarWinds stated to have 300,000 clients globally [1, 2], including over 425 US Fortune 500 firms and all ten of the top 10 US telecom corporations. 

A long list of government agencies was also among the company's clients (the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States). 

The US Department of Justice was the latest US official agency to reveal that during last year's SolarWinds global hacking spree, 27 US Attorneys' offices were compromised. 

Although Autodesk was not the only big corporation attacked in the SolarWinds breach, other companies such as Cisco, VMware, Intel, and Nvidia revealed similar issues in December.