SolarWinds Compromise

Campaign updated 8 months ago (2024-01-10T14:25:38.971Z)
The SolarWinds compromise, a highly sophisticated cyber attack campaign, was first brought to light by FireEye in December 2020. The attackers leveraged a supply chain vulnerability in the SolarWinds Orion software, installing a malicious backdoor known as SUNBURST. This allowed them to gain access to numerous organizations' systems, potentially undetected for a significant period of time. FireEye's initial report also identified indicators for a webshell they named SUPERNOVA, adding another layer to the complexity and severity of the attack.

According to SecurityScorecard, the SolarWinds compromise may have started significantly earlier than first suspected, possibly beginning up to five months prior to its discovery. This extended timeframe increased the potential impact and reach of the attack, giving the attackers a longer window to infiltrate and exploit the targeted systems. During this time, the attackers could have gathered sensitive information, disrupted operations, or caused other forms of damage.

A report from Volexity named the threat actor behind the SolarWinds compromise as Dark Halo. The actor exploited the SolarWinds breach to infiltrate various organizations, further demonstrating the widespread implications of this attack.

In response to these revelations, the Cybersecurity & Infrastructure Security Agency (CISA) released supplemental guidance and updates on emergency directives aimed at mitigating the effects of the SolarWinds compromise. These actions underscored the critical importance of robust cybersecurity measures and swift responses to such incidents.
Description last updated: 2023-12-20T17:31:09.036Z
Aliases
We are not currently tracking any aliases.
Source Document References
Information about the SolarWinds Compromise Campaign was read from the documents corpus below.
Source: MITRE
Created: 9 months ago
Title: SolarStorm Supply Chain Attack Timeline