UPDATE 1-SolarWinds CEO says hackers may have struck months earlier than thought
(Adds more on SolarWinds' probe and official comments at RSA, photo)
By Joseph Menn
SAN FRANCISCO, May 19 (Reuters) - SolarWinds Corp's chief executive said the hackers responsible for a major espionage operation that penetrated 10 U.S. government agencies and scores of companies may have been inside his company's network as early as January 2019, months sooner than previously believed.
The company had previously said it had learned that the hackers had been inside the company in Septmember 2019, but Sudhakar Ramakrishna said on Wednesday it appeared that they had been doing "reconnaissance" at the beginning of that year, almost two years before the hacking was detected elsewhere. He spoke at the annual RSA Conference on security, which is being held virtually this year.
The hackers, accused by the United States of working for Russian intelligence, were unsually sophisticated and modified code in SolarWinds network management software that was downloaded by 18,000 customers.
In roughly 100 of those cases, the hackers went further, often stealing email.
The SolarWinds campaign included theft of sensitive source code from tech companies and has helped focus the White House on efforts to secure the software supply chain.
An executive order on cybersecurity last week included provisions requiring vendors to the government to adopt better coding practices and to admit when they have been breached.
In other appearances at RSA this year, federal officials said they want to encourage wider breach disclosures, likely through legislation.
Officials said they are especially concerned by the explosive growth in ransomware, in which hacking gangs steal data or encrypt it and demand payment not to publish or to restore access.
Those groups have increasingly targeted hospitals, local governments and manufacturers, and one such gang, DarkSide, encrypted files at Colonial Pipeline this month, prompting a six-day shutdown of the largest fuel pipeline in the country.
Colonial's chief executive admitted on Wednesday that the company had paid $4.4 million to the hackers.
(Reporting by Joseph Menn in San Franciso. Writing by Raphael Satter, Editing by Franklin Paul and Steve Orlofsky)