# Autodesk reveals it was targeted by Russian SolarWinds hackers **[bleepingcomputer.com/news/security/autodesk-reveals-it-was-targeted-by-russian-solarwinds-hackers/](https://www.bleepingcomputer.com/news/security/autodesk-reveals-it-was-targeted-by-russian-solarwinds-hackers/)** Sergiu Gatlan By [Sergiu Gatlan](https://www.bleepingcomputer.com/author/sergiu-gatlan/) September 2, 2021 07:30 AM 0 Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that [one of its servers was backdoored with Sunburst malware.](https://www.bleepingcomputer.com/news/security/sunburst-backdoor-shares-features-with-russian-apt-malware/) The US software and services company provides millions of customers from the design, engineering, and construction sectors with CAD (computer-aided design), drafting, and 3D modeling tools. "We identified a compromised SolarWinds server and promptly took steps to contain and [remediate the incidents," Autodesk said in a recent 10-Q SEC filing.](https://www.documentcloud.org/documents/21053749-autodesk-targeted-by-russian-svr-in-solawinds-supply-chain-attacl-10-q-sec#document/p96/a2052810) ----- While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations." An Autodesk spokesperson told BleepingComputer that the attackers did not deploy any other malware besides the Sunburst backdoor, likely because it was not selected for second stage exploitation or the threat actors didn't act quickly enough before they were detected. "Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied," the spokesperson said. "Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation." ## One of many tech companies breached in a large-scale hacking spree The [supply-chain attack that led to SolarWinds's infrastructure getting breached](https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/) was [coordinated by the hacking division of the Russian Foreign Intelligence Service (aka](https://www.bleepingcomputer.com/news/security/us-government-confirms-russian-svr-behind-the-solarwinds-hack/) APT29, The Dukes, or Cozy Bear). After gaining access to the company's internal systems, the attackers trojanized the Orion Software Platform source code and builds released between March 2020 and June 2020. These malicious builds were later used to deliver a backdoor tracked as Sunburst to "fewer than 18,000," but, luckily, the threat actors only picked a substantially lower number of targets for second-stage exploitation. As a direct result of this supply-chain attack, the Russian state hackers gained access to the networks of multiple US federal agencies and private tech sector firms. Before the attack was disclosed, SolarWinds said it had 300,000 customers worldwide [[1,](http://webcache.googleusercontent.com/search?q=cache:https://www.solarwinds.com/company/customers) [2], including over 425 US Fortune 500 companies, all top ten US telecom companies.](http://web.archive.org/web/*/https://www.solarwinds.com/company/customers) The company's customer list also included a long list of govt agencies (the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States). At the end of July, the US Department of Justice was the latest US government entity to disclose that 27 US Attorneys' offices were breached during last year's SolarWinds global hacking spree. [SolarWinds has reported expenses of $3.5 million from dealing with last year's supply-chain](https://www.bleepingcomputer.com/news/security/solarwinds-reports-35-million-in-expenses-from-supply-chain-attack/) attack in March 2021, including remediation and incident investigation costs. ----- ### Related Articles: [GitHub: Attackers stole login details of 100K npm user accounts](https://www.bleepingcomputer.com/news/security/github-attackers-stole-login-details-of-100k-npm-user-accounts/) [Google shut down caching servers at two Russian ISPs](https://www.bleepingcomputer.com/news/technology/google-shut-down-caching-servers-at-two-russian-isps/) [Hacker says hijacking libraries, stealing AWS keys was ethical research](https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/) [Popular Python and PHP libraries hijacked to steal AWS keys](https://www.bleepingcomputer.com/news/security/popular-python-and-php-libraries-hijacked-to-steal-aws-keys/) [Hackers target Russian govt with fake Windows updates pushing RATs](https://www.bleepingcomputer.com/news/security/hackers-target-russian-govt-with-fake-windows-updates-pushing-rats/) [APT29](https://www.bleepingcomputer.com/tag/apt29/) [Autodesk](https://www.bleepingcomputer.com/tag/autodesk/) [Russia](https://www.bleepingcomputer.com/tag/russia/) [Russian SVR](https://www.bleepingcomputer.com/tag/russian-svr/) [Security Breach](https://www.bleepingcomputer.com/tag/security-breach/) [SolarWinds](https://www.bleepingcomputer.com/tag/solarwinds/) [Supply-Chain Attack](https://www.bleepingcomputer.com/tag/supply-chain-attack/) [Sergiu Gatlan](https://www.bleepingcomputer.com/author/sergiu-gatlan/) Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple, Google, and a few other topics at Softpedia for more than a decade. Email or Twitter DMs for tips. [Previous Article](https://www.bleepingcomputer.com/offer/deals/transfer-back-up-and-erase-data-with-this-pc-transfer-bundle-for-105/) [Next Article](https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-authentication-bypass-bug-with-public-exploit/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ### You may also like: -----