In a recent 10-Q filing with the SEC, Autodesk confirmed that it was also the target of the large-scale SolarWinds supply-chain attacks coordinated by the hacking division of the Russian Foreign Intelligence Service.
The announcement comes nearly nine months after it was revealed that one of its servers was back docked with Sunburst malware.
To further clarify the issue, an Autodesk spokesperson pointed out that the attackers did not deploy any other known malware besides the Sunburst backdoor. It’s believed this was the case because Autodesk detected the malware before the threat actors could respond.
The spokesperson further clarified: “Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied. Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation.”
For more information, read the original story in Bleeping Computer.