Day Nine of the SolarWinds Crisis: Treasury Department Breach Confirmed

A slew of high-tech firms infected by malware, former SolarWinds adviser claims he warned of security problems, Microsoft publishes critical guidance

Dozens of email accounts at the U.S. Treasury Department were breached as part of the SolarWinds hack, Senator Ron Wyden (D-OR) said, and Treasury Secretary Steven Mnuchin confirmed, saying the hackers penetrated only the unclassified network.

Microsoft, not the U.S. intelligence agencies, informed the Treasury Department of the email breach. (Raphael Satter / Reuters)

At least two dozen organizations were infected in the SolarWinds hack, including top technology giants Cisco Systems, Intel, Nvidia, Deloitte LLP, VMware, and Belkin.

The hackers were also able to install surveillance backdoors into the California Department of State Hospitals and Kent State University systems. (Kevin Poulsen, Robert McMillan, Dustin Volz / Wall Street Journal)


Ian Thornton-Trump, a former security adviser to SolarWinds, says he warned the company in 2017 that its survival depended on “an internal commitment to security.”

He terminated his contract with the company shortly after raising the matter because he believed it wasn’t making changes that would have a “meaningful impact.” (Ryan Gallagher / Bloomberg)

Microsoft published two important blog posts related to the SolarWinds hack. The first offers guidance on the techniques to consider when helping an organization respond to suspected identity compromise.

The second focuses on understanding and detecting the kinds of identity compromises used in attacks on several organizations.

Photo by Ted Eytan from Washington, DC, USA - 2019.10.04 DC People and Places, Washington, DC USA 277 09012-2, CC BY-SA 2.0,