The SolarWinds compromise was a major cyber attack that occurred in 2020 and targeted various government and private organizations around the world. The attack has been attributed to Russia and is believed to have been carried out by APT29, a Russia-based espionage group that is sponsored by the Russian Foreign Intelligence Service (SVR).
The attackers used a supply chain attack to compromise the software updates of SolarWinds, a company that provides IT management software to a wide range of organizations. The attackers used the compromised software updates to install malicious code, called a “backdoor,” on the victims’ systems. The backdoor allowed the attackers to gain access to the victims’ networks and steal sensitive information, such as passwords and documents.
The attack was one of the most sophisticated and widespread cyber attacks in history and had a significant impact on the affected organizations. It highlighted the importance of secure software updates and supply chain security.
Here is a timeline of the SolarWinds attack:
- September 2019: Threat actors gain unauthorized access to SolarWinds network
- October 2019: Threat actors test initial code injection into Orion
- February 20, 2020: Malicious code known as Sunburst is injected into Orion
- March 26, 2020: SolarWinds unknowingly starts sending out Orion software updates containing the malicious code
Continuous integration/continuous delivery (CI/CD) is a software development practice in which code changes are automatically built, tested, and deployed to production. CI/CD can help organizations to quickly and efficiently release new features and updates to their software.
In the case of the SolarWinds compromise, the attackers were able to use the CI/CD process to their advantage by compromising the software updates that SolarWinds provided to its customers. By introducing malicious code into the updates, the attackers were able to gain access to the systems of the organizations that installed the updates. This demonstrates the importance of secure software updates and the need to carefully manage the supply chain of software and other products.