Intel, Nvidia Swept Up In SolarWinds Attack: WSJ
The chipmakers say they are investigating the impact of downloading a software update containing malicious code for SolarWinds Orion — the trigger that has left many SolarWinds customers vulnerable — though there is no evidence of any negative impact.
Intel and Nvidia have joined the growing list of companies that have been swept up in the massive hacking campaign perpetrated through SolarWinds’ Orion network monitoring software.
The Santa Clara, Calif.-based chipmakers said in separate statements that they are investigating the impact of downloading a software update containing malicious code for SolarWinds Orion — the trigger that has left many SolarWinds customers vulnerable — though there is no evidence of any negative impact.
[Related: SolarWinds Deploys CrowdStrike To Secure Systems After Hack]
“We have no evidence at this time that Nvidia was adversely affected,” an Nvidia spokesperson said in a statement to CRN. “Our investigation is ongoing.”
The Wall Street Journal reported Monday morning that Intel and Nvidia were among at least 24 organizations that were impacted by hackers who inserted malicious code into an update for SolarWinds Orion, which has also led to breaches at several U.S. government agencies, including the Treasury and Commerce Departments as well as the Departments of Defense, State, Energy and Homeland Security.
Intel did not respond to a request for comment, but a company spokesperson told the newspaper that there are no signs that hackers used malicious SolarWinds code to gain a backdoor into its network.
Other impacted companies identified by The Wall Street Journal include Wi-Fi router and home networking equipment maker Belkin International and consulting firm Deloitte Consulting. Boston companies told CRN that they have taken steps to mitigate the incident and that there was no evidence of any negative impact. They join an expanding list of companies impacted by the SolarWinds attack that includes Microsoft, Cisco Systems and VMware.
The Washington Post first reported Dec. 13 that the SolarWinds attack was part of a campaign orchestrated by the Russian foreign intelligence service, also known as APT29 or Cozy Bear.
Secretary of State Mike Pompeo Friday blamed Russia for injecting malicious code into updates of the SolarWinds Orion, telling conservative talk radio host Mark Levin that “we can say pretty clearly that it was the Russians that engaged in this activity.” President Donald Trump, however, contradicted Pompeo a day later, laying the blame on China without citing any evidence.
Dominic Daninger, vice president of engineering at Nor-Tech, a high-performance computing system builder that partners with Intel and Nvidia, said a lot of proprietary technology, including Intel’s next-generation processors and Optane memory technology, is at stake if foreign actors were successful in breaking into both companies’ networks and in stealing information.
“That kind of stuff can be very damaging and have a lot of potential future damage to it,” he said.
A data breach for Intel specifically could compound the company’s other issues, which includes increasing competition from Arm-based processors being used by customers.
“I just saw, for example, last weekend, that now Microsoft is looking at doing an Arm approach, much like Apple did, so Intel‘s got plenty of issues there,” he said. “They don’t need to have their proprietary technology [taken by] a foreign power also.”
If Intel and Nvidia did suffer from a data breach, both companies would likely have to disclose the incidents with customers, partners and shareholders, Daninger said.
“I think it’s been very difficult for anybody here to really assess how much damage [has been done], and then, to some degree in the private space, if they do talk about it very much, it can be even more harmful,” he said.