It was one of the largest cyber-espionage attacks of recent times: hackers compromised several United States federal government agencies as well as big tech companies, and were inside networks for months before anyone spotted them.
These attackers were later revealed to be working for the Russian foreign intelligence service (SVR), and they started their attack in an unexpected way, by targeting a software company called SolarWinds. The hackers accessed builds of the company’s Orion software, and then placed malware into software updates sent out to SolarWinds customers between March and June 2020.
The software is used by thousands of organisations around the world. Applying security updates and patches is generally regarded as good cybersecurity practice to protect against software vulnerabilities being exploited to facilitate cyberattacks, so organisations around the world installed the Orion updates from a source they trusted. But it was that action itself that allowed the attackers in.
“It became clear early on the threat actor employed novel and sophisticated techniques indicative of a nation-state actor and consistent with the goal of cyber espionage via a supply chain attack. In addition, the operational security