SolarWinds Staff Warned About Security Holes Before Russia Hack

Well before Russia’s audacious cyberattack that exploited SolarWinds Corp.’s software was made public, several employees allegedly raised red flags about holes in the company’s security. Their warnings, documented in a lawsuit filed by US regulators, raise questions about whether the Texas-based company could have done more to prevent an attack that infiltrated the US government and major corporations.

In November 2020, a month before the attack was revealed, a senior security manager wrote in an instant message: “We’re so far from being a security minded company. Every time I hear our head geeks talking about security I want to ...