Hack brings unwanted attention to obscure but vital IT firm

Before this week, few people were aware of SolarWinds, a Texas-based software company providing vital computer network monitoring services to corporations and government agencies around the world.

But the revelation that elite cyber spies have spent months secretly exploiting SolarWinds' software to peer into computer networks has put many of its highest-profile customers in national governments and Fortune 500 companies on high alert.

“They’re not a household name the same way that Microsoft is. That’s because their software sits in the back office," said Rob Oliver, a research analyst at Baird who has followed the company for years. “Workers could have spent their whole career without hearing about SolarWinds. But I guarantee your IT department will know about it.”

Now plenty of other people know about it too, and not in a good way.

Founded in 1999 by two brothers in Tulsa, Oklahoma, ahead of the feared turn-of-the-millennium Y2K computer bug, the company’s website says its first product “arrived on the scene to help IT pros quell everyone’s world-ending fears.”

This time, its products are the ones instilling fears. The company on Sunday began alerting about 33,000 of its customers that an “outside nation state" — widely suspected to be Russia — had found a back door into some updated versions of its premier product, Orion. The ubiquitous software tool, which helps organizations monitor the performance of their computer networks and servers, had become an instrument for spies to steal information undetected.

One of SolarWinds' customers, the prominent California cybersecurity firm FireEye, was the first to discover the cyberespionage operation. FireEye revealed earlier this month that its own systems were breached by attackers who made off with its defensive hacking tools. Among the other...