The state of Michigan was using the software that was attacked through malicious code earlier this year, an official confirmed to The Epoch Times.
The state of Michigan did utilize the Orion software, a spokesman for the Michigan Department of Technology, Management, and Budget told The Epoch Times in an email this week.
Caleb Buhs, the spokesman, said it “was not connected with any election-related networks in the Michigan Department of State,” which runs elections.
A spokesperson for that department declined to provide more information.
Buhs said: “At the direction of the Department of Homeland Security, we removed SolarWinds from our network immediately and it has not been put back into service. Michigan has completed a forensic investigation and has determined there was no indication of compromise within our systems.”
Michigan’s use of SolarWinds was first reported by independent reporter Kyle Becker, who noted state documents from recent years that said the Department of Technology, Management, and Budget was using SolarWinds network-management software and tools.
The compromises affected multiple government networks, including those of the Departments of Commerce and Treasury.
The Department of Homeland Security’s cybersecurity agency earlier this month ordered agencies that were using the Orion software to quickly disconnect affected devices. In an update, the agency said the “advanced persistent threat” actor behind the attacks, which date back to at least March, “has demonstrated patience, operational security, and complex tradecraft in these intrusions.”
“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency said.
Some Trump administration officials and members of Congress say Russia is behind the attack, but the president has said China may be the culprit.
In a partial customer list that was taken offline, SolarWinds boasted that all five branches of the U.S. military used its services, along with agencies such as the office of the president, and 425 of the Fortune 500 companies.
SolarWinds CEO Kevin Thompson said on Dec. 18 that the company is focused on responding to the breach.
The vulnerability, if present and activated, “could potentially allow an attacker to compromise the server on which Orion products run,” he said.