Dominion Voting website scrubbed of reference to software group allegedly hacked by Russia
Company says it did not use specific software program implicated in breach.
Dominion Voting Systems recently scrubbed a reference on its website to a company at the center of a major cybersecurity breach allegedly carried out by Russian hackers.
The Austin, Texas-based software company SolarWinds has been the subject of explosive controversy, due to revelations that a hacker or group of hackers, possibly originating from Russia, used vulnerabilities in its software to breach "U.S. government agencies, critical infrastructure entities, and private sector organizations" starting in at least March 2020, the U.S. Cybersecurity and Infrastructure Security Agency said Thursday.
The breach occurred in part via SolarWinds's Orion platform, which CISA described as "an enterprise network management software suite that includes performance and application monitoring and network configuration management along with several different types of analyzing tools."
SolarWinds said on its website that the hack "could potentially allow an attacker to compromise the server on which the Orion products run." The company "currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000," SolarWinds said in SEC filings on Monday.
Multiple government agencies including the Treasury, the Department of Defense and the Department of Homeland Security may have been affected by the breach, according to reports.
Dominion Voting Systems, the company that for the last six weeks has been at the center of controversy and allegations surrounding the 2020 election, had a reference on its website until sometime last week indicating it used SolarWinds to manage its DVS file share system, according to archival web captures.
Dominion's website suggested it utilized SolarWinds's Serv-U FTP file transfer platform to manage that system. Yet sometime between Dec. 14 and Dec. 18, the company scrubbed the reference to SolarWinds from the current FTP login page.
Reached for comment, Dominion did not respond to questions on its use of the SolarWinds product, though the company said in a statement that it "does not now — nor has it ever — used the SolarWinds Orion Platform, which was subject of the DHS emergency directive."
Pressed for more information on its use of the Serv-U platform, the company re-sent an identical statement.
SolarWinds did not respond to requests for comment on Friday and Saturday. On its website, the company states that, as of Friday morning, Serv-U was among its products "not known to be affected" by the security breach.
The hackers responsible for the breach "demonstrated patience, operational security, and complex tradecraft in these intrusions," CISA said on Thursday. The hackers have been "using virtual private servers (VPSs), often with IP addresses in the home country of the victim, for most communications to hide their activity among legitimate user traffic."
Last Wednesday, meanwhile, the FBI, CISA and the Office of the Director of National Intelligence issued a joint statement that the agencies had formed "a Cyber Unified Coordination Group ... to coordinate a whole-of-government response to this significant cyber incident."