US markets watchdog the Securities and Exchanges Commission (SEC) has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might have been compromised.
Unnamed sources familiar with the investigation have told Reuters the US financial regulator recently sent out letters to businesses seeking clarification, amid concerns that not everyone has come clean.
The news agency also said the SEC is keen to know whether "public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading", which could also involve issues around data protection.
SolarWinds is the maker of the Orion network infrastructure monitoring platform which was compromised last year, with miscreants apparently romping through some 18,000 of SolarsWinds' Origin customers' servers using malware installed via an update server.
Microsoft president Brad Smith called it "the largest and most sophisticated attack the world has ever seen," and said his firm's analysis suggested the code behind the crack was the work of 1,000 or more developers.
Among other exploits, the wrong'uns apparently gained access to the networks of multiple US government departments via backdoored IT tools, including the US court system and its nuclear weapons agency, as well as managing to inject malware onto Microsoft's own systems. At the end of last year, Microsoft confirmed it had "detected malicious Solar Winds binaries in our environment, which we isolated and removed."
No one from the SEC was available for comment at the time of writing, although El Reg was interested to read that the market and securities watchdog recently paid out $5.3m to whistleblowers in two separate cases for providing "information and assistance in separate enforcement proceedings."
- Biden to Putin: Get your ransomware gangs under control and don’t you dare cyber-attack our infrastructure
- Feds seize two domains used by SolarWinds intruders for malware spear-phishing op
- Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency
- Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency
Russia has denied any involvement in the attack, although it obviously would do. ®