Surprising or not, the SolarWinds attacks appear to have reached further than previously thought. One of the companies targeted by the Russian attackers was Autodesk, which only recently confirmed that it was affected by the attack.
Nine months have passed since Autodesk allegedly discovered and neutralized the attack on one of its servers, which had received the backdoor malware.
Autodesk is an American company that develops software and provides services, including CAD (computer-aided design), drafting, and 3D modeling tools, to millions of customers in the design, engineering, and construction sectors.
We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents.
While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations.
Approached by BleepingComputer reporters, an Autodesk employee who asked to remain anonymous pointed out that the attackers failed to deploy any malware on Autodesk servers other than the Sunburst backdoor. This most likely happened either because the server was never selected for a subsequent exploitation stage or simply because the attackers did not act fast enough before being detected by Autodesk.
Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied.
Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation.
Many Other Companies Were Breached
As previously reported, the supply-chain attack behind the SolarWinds breach was coordinated by a dedicated hacking group of the Russian Foreign Intelligence Service, which is tracked under several labels, including APT29, The Dukes, and Cozy Bear.
The source code of the Orion Software Platform was trojanized, affecting builds released between March and June 2020.