The SolarWinds compromise was a major cyber attack that occurred in 2020 and targeted various government and private organizations around the world. The attack has been attributed to Russia and is believed to have been carried out by APT29, a Russia-based espionage group that is sponsored by the Russian Foreign Intelligence Service (SVR).
The attackers used a supply chain attack to compromise the software updates of SolarWinds, a company that provides IT management software to a wide range of organizations. The attackers used the compromised software updates to install a malicious code, called a “backdoor,” on the victims’ systems. The backdoor allowed the attackers to gain access to the victims’ networks and steal sensitive information, such as passwords and documents.
The attack was one of the most sophisticated and widespread cyber attacks in history and had a significant impact on the affected organizations. It highlighted the importance of secure software updates and supply chain security.
Here is a timeline of the SolarWinds attack:
- September 2019: Threat actors gain unauthorized access to SolarWinds network
- October 2019: Threat actors test initial code injection into Orion
- February 20, 2020: Malicious code known as Sunburst is injected into Orion
- March 26, 2020: SolarWinds unknowingly starts sending out Orion software updates with hacked code
Continuous integration/continuous delivery (CI/CD) is a software development practice that automatically builds, tests, and deploys code changes to production, enabling organizations to swiftly and efficiently release new features and updates. However, during the SolarWinds compromise, the attackers exploited the CI/CD process by corrupting the software updates distributed to customers. This infiltration allowed them to access the systems of organizations that installed the compromised updates, highlighting the crucial importance of secure software updates and diligent management of software supply chains.