The SolarWinds incident was a supply-chain compromise discovered in December 2020 in which Russian SVR operators inserted the SUNBURST backdoor into the Orion network management software, which was then distributed to ~18,000 customer organizations, including multiple U.S. federal agencies (Treasury, DHS, Commerce, State, Energy/NNSA) and technology companies including Microsoft and FireEye. The compromise went undetected for at least 9 months. Total recovery costs across affected organizations are estimated at $100B+, but precise figures remain disputed. The incident reshaped U.S. federal cybersecurity policy (Executive Order 14028, May 2021).
Details
Date discovered: December 13, 2020 (active since at least March 2020)
Attribution: SVR (Russian foreign intelligence), APT29 / Cozy Bear
AI involvement: none
Initial vector: SolarWinds Orion software update supply-chain compromise
Estimated total damages: ~$100B+ recovery cost across affected organizations (high uncertainty)
Notable victims: U.S. Treasury, DHS, Commerce, State, Microsoft, FireEye, ~18,000 organizations
Tags: cyber-incident, supply-chain, espionage, russia, federal-government, apt29