SolarWinds, a major IT infrastructure management software provider, experienced a sophisticated supply chain compromise affecting its Orion platform. The breach was discovered and disclosed in December 2020, impacting thousands of organizations globally including multiple government agencies and Fortune 500 companies. The attack compromised SolarWinds' software build system, allowing malicious actors to distribute trojanized updates to approximately 18,000 customers.
The attack chain began with unauthorized access to SolarWinds' development environment, where attackers inserted malicious code into legitimate Orion software updates. This created a backdoor (SUNBURST) that communicated with command-and-control infrastructure, enabling lateral movement and data exfiltration from affected networks. The compromise specifically targeted the SolarWinds.Orion.Core.BusinessLayer.dll binary. Because the trojanized binary carried a valid SolarWinds code-signing signature, signature checks alone could not distinguish it from a legitimate update, making detection more difficult.
Multiple government agencies including the United States Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives requiring federal agencies to disconnect affected Orion products. The incident triggered widespread security reviews across affected organizations, with mandatory software updates and network segmentation implemented as containment measures. SolarWinds released security advisories and patches while conducting forensic investigations with third-party cybersecurity firms.
Malicious code inserted into SolarWinds Orion software updates, creating a backdoor for attackers
The SolarWinds compromise demonstrates critical failures in software supply chain security controls, particularly inadequate code integrity verification and insufficient segmentation between development and production environments. Organizations must implement robust software bill of materials (SBOM) practices and continuous monitoring of third-party software updates, especially for critical infrastructure management tools. The incident highlights the need for zero-trust architectures that assume compromise and limit lateral movement even from trusted software sources.