A report by freelancer Kim Zetter on Saturday claimed the attackers had conducted a dry run in October last year, distributing files that were altered, but had no backdoor in them.
In an FAQ on the SolarWinds website, reference is made to the October 2019 files, with a statement (see screeshot below) that during that month, the company distributed software that “contained test modifications to the code base ... it is the first version in which we have seen activity from the attacker at this time”.
The attack came to light this month soon after cyber security firm FireEye announced on 9 December AEDT that it had been compromised and had its Red Team tools stolen. However, the company made no mention of when it had noticed this breach.
A number of US Government departments — Homeland Security and Treasury among them — have been named as being affected. FireEye, too, appears to have been a victim. The Orion software has very wide usage in the US and also in Britain.
The Yahoo! News report was published after researchers from Russian security firm Kaspersky claimed that additional victims of the attack had been discovered, one being a big US communications firm and the other a part of a state government.
Reuters later reported that these were Cox Communications and a city in the state of Arizona.
Yahoo! News said the files used in the dry run had been found on several victims' systems.
Zetter also reported that FireEye had discovered the attack on its systems after an employee, whose login credentials had apparently been stolen by the attackers after they gained access to the network and used to log in, noticed that an additional device had been registered to receive the usual code for two-factor authentication.
The additional device was notified to this employee by the company's automated system.