Maybe you saw the news on the SolarWinds hack. If you didn’t, you should follow me on Twitter: https://twitter.com/TristanDostaler

In this post I want to explain, in a way understandable by everyone, why this hack matters.

What is SolarWinds Orion

SolarWinds is a US based company. They have clients worldwide. One of the products they offer is Orion. This tool does a lot of things, but the main feature that interest us is that it provides the ability to monitor your infrastructure. To do this, you need to install the Orion agent on one of your servers. This agent is installed with high privileges and is able to login on most of your infrastructure to gather metrics like CPU, RAM, etc.

What’s the hack

At the moment I am writing these lines, it is unclear how SolarWinds got hacked. What we know is that it was perpetrated by an APT (Advanced Persistent Threat, a term used to describe high profile malicious hacker groups) probably backed by Russia. In other words, they got hacked by a highly skilled group of hackers with deep pockets.