The infected SolarWinds software is also being developed in Brno, and the Czech state is among the customers

Vulnerable software from the Texas company SolarWinds, through which Russian hackers apparently succeeded in getting into the systems of US ministries and probably other organizations around the world, is also established in the Czech Republic. SolarWinds has operated a development center in Brno since 2008, which has gradually grown into the largest and one of the most important in the entire company.

“We are very satisfied with Brno, universities produce a large number of people. Other companies such as NetSuite and others, which also have large offices in Brno, see this. We have over thirty offices around the world, but Brno is one of the main ones for us,” SolarWinds technology director Joe Kim told Lupa earlier.

SolarWinds employs about 350 people in Brno, with their total annual cost reaching almost half a billion crowns. The company is looking for further recruits in Moravia who, like the existing employees, should also take part in developing the Orion software platform that is now at the center of the problem. The Texas company has long cooperated with universities and is involved in various activities. For example, this year it concluded a bronze partnership with BUT.

SolarWinds does not comment on the extent to which Brno is involved in the current global problem. The attack involves a total of fourteen applications, which are often used to monitor and manage networks, servers and applications. Examples include NetFlow Traffic Analyzer, Log Analyzer, Server and Application Manager, and more. Many others are said not to be affected.

These and other tools are used in the Czech Republic by a number of public institutions, including heating plants, the Czech Social Security Administration, firefighters and the Prague Transport Company.

NÚKIB’s reaction

It is therefore not surprising that the domestic National Office for Cyber and Information Security (NÚKIB) reacted to the situation. It first issued a warning, and a day later (Thursday, December 12) it came with reactive measures (PDF) under the Cyber Security Act. The cyber authority assessed the risks as serious.

“Administrators of critical information infrastructure systems, critical information systems and basic service systems must immediately make security updates, check that their system has not been compromised and perform a security audit. It is recommended that you turn off SolarWinds products until these steps are completed,” states NÚKIB.

“When verifying that your network is compromised, keep in mind that the compromise may have occurred as early as March 2020, and perform a security audit well in the past,” the cyber office added.

SolarWinds' many non-US customers include the European Parliament, NATO and other government institutions and companies. SolarWinds drew attention to the scale of the problem in a report to the US Securities and Exchange Commission (SEC), as it is traded on the NYSE with a current market value of $5.8 billion. According to SolarWinds, an error in the Orion application portfolio can be exploited to compromise up to 18,000 of the company’s 300,000 customers.

Russia again?

FireEye came out with a technical analysis of the vulnerability in SolarWinds products, to which Microsoft then added. Although the true extent of the attacks is unknown, the number of victims could be really large. “Among the victims are governments, consulting, technology, telecommunications and mining companies in North America, Europe, Asia and the Middle East,” writes FireEye. SolarWinds has published a site that describes procedures for applying patches and the like.

The Russian group APT29, also known as Cozy Bear, which is said to answer to Russia's SVR intelligence service, is assumed to be behind the event. The attacks are therefore considered to be state-sponsored. The hackers probably chose the most beneficial targets as a priority.

The activities of Russian-backed groups in the Czech Republic and elsewhere are not new. For example, BIS reports regularly draw attention to them. The APT28 group, also referred to as Fancy Bear or Sofacy, has been or still is active here. It operates throughout our region. Russia officially denies all involvement in activities of this kind.

The attack on SolarWinds can, among other things, allow attackers to read e-mails and obtain other valuable information. APT29 was able to infect software updates released between March and June this year. The updates included a library with a backdoor.
