By Jack Stubbs and Raphael Satter
LONDON/WASHINGTON (Reuters) – U.S. IT company SolarWinds said on Monday fewer than 18,000 of its customers had downloaded a compromised software update which allowed suspected Russian hackers to spy on global businesses and governments unnoticed for almost nine months.
The U.S. Department of Homeland Security issued an emergency warning on Sunday, ordering users to disconnect and disable SolarWinds software which it said had been compromised by “malicious actors.”
The U.S. warning came after Reuters reported that suspected Russian hackers had used hijacked software updates to break into multiple American government agencies, including the Treasury and Commerce departments.
Russia denied having any connection to the attacks.
In a regulatory disclosure on Monday, SolarWinds Corp said it believed the attack was the work of an “outside nation state” that inserted malicious code into updates of its Orion network management software issued between March and June this year.
“SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” the company said.
SolarWinds said it was not aware of vulnerabilities in any of its other products and it was now investigating with help from U.S. law enforcement and outside cybersecurity experts.
(Reporting by Elizabeth Piper and Jack Stubbs in London, Raphael Satter in Washington, and Dmitry Antonov and Gabrielle T’trault-Farber in Moscow; Editing by Jonathan Oatis)