As multiple U.S. federal agencies report breaches by hackers who used a compromised software manufactured by IT company SolarWinds to infiltrate government computer networks, the state of Michigan says that so far there is “no indication” that the state network was affected.
Michigan, a key battleground state in the 2020 presidential election, has been the focus of multiple allegations of voter fraud and election irregularities made by lawyers for President Donald Trump’s campaign and others. When reports emerged earlier this week that a “highly-sophisticated, targeted and manual supply chain attack by a nation state” compromised SolarWinds’ Orion suite of network management software, rampant speculation immediately began as to whether the cyberattack somehow influenced the 2020 U.S. presidential election in Michigan and elsewhere.
SolarWinds services multiple government clients in addition to private sector customers with its software. Rumors initially swirled that Dominion Voting Systems, the voting machine manufacturer at the center of allegations of election tampering made by President Donald Trump and his allies, used SolarWinds products and questions were raised about whether voting machines were hacked before the election.
Reporting by the Wall Street Journal’s Alexa Corse and others clarified that while Dominion does in fact use SolarWinds Serv-U product, the company does not use the compromised Orion product line. Following these reports, independent journalist Kyle Becker obtained a copy of a document from the state of Michigan’s Department of Technology, Management, and Budget (DTMB) that said the state of Michigan used SolarWinds Orion products.
Today, Dominion’s CEO denied that the company had ever had any business with Orion SolarWinds, the tech… https://t.co/ssZ42koSao
— Kyle Becker (@Kyle Becker)1608083943.0
Caleb Buhs, a spokesman for the DTMB confirmed to TheBlaze that Michigan uses SolarWinds Orion IT tools and that the state is investigating whether its networks were compromised in the cyberattack, as the Cybersecurity and Infrastructure Agency (CISA) recommended.
“Upon notification of the SolarWinds – Orion compromise, the state of Michigan started a forensic investigation of the state network in accordance with the recommended steps outlined by the U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA),” Buhs told TheBlaze.
“To date, there is no indication that the SolarWinds – Orion compromise was activated within the state network,” he said.
“To protect the state environment, DTMB continues to monitor the environment and will follow any additional steps that may be recommended by CISA as more information is released,” Buhs added.
The spokesman also said that the Michigan Department of State, Bureau of Elections systems do not use the SolarWinds Orion software.
Multiple federal agencies, including the U.S. Treasury and Commerce Departments and the Department of Energy and National Nuclear Security Administration have reported breaches in what officials say was a widespread cyberattack suspected to be conducted by foreign actors.
Cybersecurity firm FireEye in a blog post stated that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds’ Orion software. According to cybersecurity reporter Brian Krebs, the cyberattack could have affected as many as 18,000 SolarWinds customers.
The full extent of the cybersecurity compromise could remain unknown for some time as federal and state authorities conduct their investigations.