Autodesk targeted in SolarWinds hack

Autodesk was targeted in the SolarWinds supply-chain hack that was disclosed last December, but it only revealed said targeting in a recent 10-Q filing.

The AutoCAD developer released its Form 10-Q Wednesday, which is filed to the SEC each quarter to act as a financial overview of a public company. Although the document covers the three-month quarter ending July 31, it mentions the now-infamous SolarWinds supply chain hack in its "risk factors" section -- an attack that was originally disclosed at the end of last year.

In a section of the filing discussing cyber risk and how Autodesk is regularly targeted by threat actors, SolarWinds is brought up as an example. The filing mentions that the company identified a compromised SolarWinds server and "promptly took steps to contain and remediate the incidents."

"While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other similar attacks could have a significant negative impact on our systems and operations," the document read.

Autodesk shared a statement with SearchSecurity.

"Autodesk identified a single compromised SolarWinds server on Dec. 13," the statement read. "This server was internal only and not connected to the customer environment. Soon after identification, the server was isolated, logs were collected for forensic analysis, and the software patch was applied. Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation."

The news was first reported by BleepingComputer.

The massive supply chain attack occurred when Russian threat actors gained access to SolarWinds' IT monitoring platform Orion; they then pushed malicious updates to thousands of customers in both the private and public sectors. The fallout of the attack has been felt since its disclosure in mid-December, though the earliest known breach in the attack took place in January 2019.

It has been attributed with high confidence to the Russian foreign intelligence unit's APT29, otherwise known as Cozy Bear. President Joe Biden signed an executive order in April imposing sanctions on the Russian government over the hack.

Though Autodesk is not the only large company to be targeted in the SolarWinds hack with seemingly minimal impact, other enterprises including Cisco, VMware, Intel and Nvidia disclosed similar situations back in December. Only a small number of the reportedly 18,000 SolarWinds customers that installed the malicious updates are publicly known, however.

Alexander Culafi is a writer, journalist and podcaster based in Boston.