Cyber Resilience

SolarWinds Orion supply chain compromise (SOLARWINDS-2020)

Supply-chain compromise · disclosed 2020-12-13 · region: US · primary attribution: APT29

Earliest known compromise: 2019-09-04

Sectors touched: Information · Software Publishers · National Security · Executive, Legislative & Other General Government Support

Trojanised SolarWinds Orion software update distributed to ~18,000 organisations; ~100 received follow-on intrusions. The most consequential US-government cyber espionage incident of the decade. Triggered the May 2021 Cybersecurity EO 14028.

Supply-chain flow

Attacker: APT29
Compromised vendor: SolarWinds
Downstream victims: Microsoft, Mandiant, US Treasury Department, US Commerce Department, US State Department, US Department of Justice, US Department of Homeland Security, Cisco, + 3 more

Trojanised SolarWinds reached 11 named downstream victims.

Named victims

CVEs linked to this incident

Linked sources

This canonical entry pulls together coverage from the other data layers — curated narrative above; raw sources below.

Sources
