
SolarWinds Orion SUNBURST Supply Chain Attack — Russia SVR, 18,000 Organizations

📅 2020-12-01 🏢 SolarWinds Orion IT monitoring platform 🦠 SUNBURST, TEARDROP, RAINDROP

Incident Details

See comprehensive record: data/supply-chain/2020-12_solarwinds-sunburst.yaml. The SolarWinds Orion supply chain attack is the defining supply chain cyber incident of the decade — Russia’s SVR compromised a trusted IT monitoring vendor to gain simultaneous access to 18,000 organizations including US federal agencies, Microsoft, Intel, and Cisco. The attack remained undetected for approximately 9 months.

Technical Details

Initial Attack Vector
Russia's SVR (Cozy Bear / APT29) compromised SolarWinds' Orion software build pipeline and injected the SUNBURST backdoor into legitimate Orion updates, which were signed with SolarWinds' code-signing certificate and distributed to ~18,000 organizations.
Vendor / Product
SolarWinds Orion IT monitoring platform
Malware Family
SUNBURST, TEARDROP, RAINDROP
Supply Chain Attack
✅ Confirmed third-party / vendor compromise

Timeline

  1. 2020-12-01 Breach occurred
  2. 2020-12-01 Publicly disclosed