The state of Michigan was using the network that was attacked through malicious code earlier this year, an official confirmed to The Epoch Times.
The SolarWinds Orion network was compromised through malware, or malicious code, that gave attackers access to systems when customers uploaded updates to the network, according to cybersecurity firm FireEye, which was among those whose systems were breached.
The state of Michigan did utilize the Orion network, a spokesman for the Michigan Department of Technology, Management and Budget told The Epoch Times this week.
Caleb Buhs, the spokesman, said the network “was not connected with any election-related networks in the Michigan Department of State,” which runs elections.
A spokesperson for that department declined to provide more information.
Buhs added: “At the direction of the Department of Homeland Security, we removed SolarWinds from our network immediately and it has not been put back into service. Michigan has completed a forensic investigation and has determined there was no indication of compromise within our systems.”
Michigan’s use of SolarWinds was first reported by independent reporter Kyle Becker, who noted state documents from recent years that said the Department of Technology, Management and Budget was using SolarWinds network management software and tools.
Michigan has been a key focus of the battle by Republicans to contest election results. They point to irregularities in the state, including a change of thousands of votes in Antrim County, resulting in President Donald Trump getting over 4,000 more votes than initially reported. State officials have challenged allegations, saying they’re unfounded.
According to SolarWinds, a Texas-based information technology firm, up to 18,000 customers installed updates of its Orion network.
The compromises included multiple government networks, including the Departments of Commerce and Treasury.
The Department of Homeland Security’s cybersecurity agency earlier this month ordered agencies that were using the Orion network to quickly disconnect affected devices. In an update, the agency said the “advanced persistent threat” actor behind the attacks, which date back to at least March, “has demonstrated patience, operational security, and complex tradecraft in these intrusions.”
“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency said.
Some Trump administration officials and members of Congress say Russia is behind the attack, but the president has said China may be the culprit.
In a partial customer list that was taken offline, SolarWinds boasted that all five branches of the U.S. military used its services, along with agencies like the office of the president and 425 of the Fortune 500 companies.
SolarWinds CEO Kevin Thompson said on Dec. 18 that the company is focused on responding to the breach.
The vulnerability, if present and activated, “could potentially allow an attacker to compromise the server on which Orion products run,” he said.