(THE INTERCEPT) -- The hacking campaign that infected numerous government agencies and tech companies with malicious SolarWinds software has also infected more than a dozen critical infrastructure companies in the electric, oil, and manufacturing industries who were also running the software, according to a security firm conducting investigations of some of the breaches.
In addition to the critical infrastructure companies, the SolarWinds software also infected three firms that provide services for such companies, says Rob Lee, CEO of Dragos, Inc., which specializes in industrial control system security and discovered some of the infections.
The service companies are known within the industry as original equipment manufacturers, or OEMs. They sometimes have remote access to critical parts of customer networks, as well as privileges that let them make changes to those networks, install new software, or even control critical operations. This means that hackers who breached the OEMs could potentially use their credentials to control critical customer processes.
Advertisement - story continues below