Longterm Wiki

SolarWinds (2020)

SolarWinds was a supply-chain compromise discovered in December 2020 in which Russian SVR operators inserted the SUNBURST backdoor into the Orion network management software. The backdoored software was then distributed to ~18,000 customer organizations, including multiple U.S. federal agencies (Treasury, DHS, Commerce, State, Energy/NNSA) and technology companies including Microsoft and FireEye. The compromise went undetected for at least 9 months. Total recovery costs across affected organizations are estimated at $100B+, but precise figures remain disputed. The incident reshaped U.S. federal cybersecurity policy (Executive Order 14028, May 2021).

Details

Date discovered: December 13, 2020 (active since at least March 2020)

Attribution: SVR (Russian foreign intelligence), APT29 / Cozy Bear

AI involvement: none

Initial vector: SolarWinds Orion software update supply-chain compromise

Estimated total damages: ~$100B+ recovery cost across affected organizations (high uncertainty)

Notable victims: U.S. Treasury, DHS, Commerce, State, Microsoft, FireEye, ~18,000 organizations

Tags

cyber-incident, supply-chain, espionage, russia, federal-government, apt29